CVE-2015-0710Cisco IOS XE vulnerability

CWE-3994 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 60.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedApr 29
Latest updateMay 17

Description

The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xe3.10.0s, 3.10s.01+1

🔴Vulnerability Details

2
GHSA
GHSA-cq2f-mgf9-68xr: The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 32022-05-17
CVEList
CVE-2015-0710: The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 32015-04-29

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software OTV Processing Code Denial of Service Vulnerability2015-04-28
CVE-2015-0710 — Cisco IOS XE vulnerability | cvebase