CVE-2015-0644 — Improper Input Validation in Cisco IOS XE

CWE-20 — Improper Input Validation CWE-3994 documents4 sources

Severity

7.8HIGHNVD

EPSS

2.1%

top 16.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE

Timeline

PublishedMar 26

Latest updateMay 17

Description

AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios_xe15 versions+14

🔴Vulnerability Details

GHSA

GHSA-47gh-x5wx-f7h6: AppNav in Cisco IOS XE 3↗2022-05-17

▶

CVEList

CVE-2015-0644: AppNav in Cisco IOS XE 3↗2015-03-26

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers↗2015-03-25

▶