CVE-2015-0645 — Improper Input Validation in Cisco IOS XE

CWE-20 — Improper Input Validation CWE-3995 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 37.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE

Timeline

PublishedMar 26

Latest updateMay 17

Description

The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios_xe40 versions+39

🔴Vulnerability Details

GHSA

GHSA-v93q-m474-gq7v: The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2↗2022-05-17

▶

CVEList

CVE-2015-0645: The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2↗2015-03-26

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers↗2015-03-25

▶

💬Community

Bugzilla

CVE-2015-0271 OpenStack dashboard: log file arbitrary file retrieval↗2015-02-17

▶