CVE-2015-4204 — Missing Release of Memory after Effective Lifetime in Cisco IOS

CWE-3995 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.7%

top 28.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedJun 23

Latest updateMay 17

Description

Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/cisco_ios12.2, 12.2\(33\)+1

🔴Vulnerability Details

GHSA

GHSA-vj5g-jj63-gm6r: Memory leak in Cisco IOS 12↗2022-05-17

▶

CVEList

CVE-2015-4204: Memory leak in Cisco IOS 12↗2015-06-23

▶

💥Exploits & PoCs

Nuclei

Swim Team <= v1.44.10777 - Local File Inclusion

▶

📋Vendor Advisories

Cisco

Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability↗2015-06-22

▶