CVE-2015-0640 — Improper Input Validation in Cisco IOS XE

CWE-20 — Improper Input Validation CWE-3994 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 37.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE

Timeline

PublishedMar 26

Latest updateMay 17

Description

The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios_xe48 versions+47

🔴Vulnerability Details

GHSA

GHSA-ghv2-r6gc-95rm: The high-speed logging (HSL) feature in Cisco IOS XE 2↗2022-05-17

▶

CVEList

CVE-2015-0640: The high-speed logging (HSL) feature in Cisco IOS XE 2↗2015-03-26

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers↗2015-03-25

▶