CVE-2015-0708Cisco IOS vulnerability

CWE-3994 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 60.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedApr 29
Latest updateMay 17

Description

Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios7 versions+6
NVDcisco/ios_xe3.13s.0, 3.13s.1, 3.14s.0+2

🔴Vulnerability Details

2
GHSA
GHSA-5mjc-g8ww-3ww4: Cisco IOS 152022-05-17
CVEList
CVE-2015-0708: Cisco IOS 152015-04-29

📋Vendor Advisories

1
Cisco
Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability2015-04-28
CVE-2015-0708 — Cisco IOS vulnerability | cvebase