CVE-2015-0712 — Cisco Staros vulnerability

CWE-3994 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 35.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Staros

Timeline

PublishedMay 1

Latest updateMay 17

Description

The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/staros4 versions+3

🔴Vulnerability Details

GHSA

GHSA-q89c-84wv-f79v: The session-manager service in Cisco StarOS 12↗2022-05-17

▶

CVEList

CVE-2015-0712: The session-manager service in Cisco StarOS 12↗2015-05-01

▶

📋Vendor Advisories

Cisco

Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability↗2015-04-29

▶