CVE-2015-0771 — Cisco IOS vulnerability

CWE-3995 documents5 sources

Severity

6.3MEDIUMNVD

OSV5.1

EPSS

0.3%

top 44.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Cisco IOS

Timeline

PublishedJun 12

Latest updateMay 17

Description

The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 6.8 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/ios12.2\(33\)sxj8, 12.2sxj+1

▶Ubuntusamba/samba< 2:4.1.6+dfsg-1ubuntu2.14.04.13

🔴Vulnerability Details

GHSA

GHSA-fvpv-pjqh-3r46: The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12↗2022-05-17

▶

OSV

samba vulnerabilities↗2016-03-08

▶

CVEList

CVE-2015-0771: The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12↗2015-06-12

▶

📋Vendor Advisories

Cisco

Cisco Catalyst 6500 Series Switches IPsec Tunnel Handling Denial of Service Vulnerability↗2015-06-08

▶