CVE-2015-4277 — Cisco Nx-os vulnerability

CWE-3994 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 43.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os

Timeline

PublishedAug 19

Latest updateMay 17

Description

The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/nx-os5.1.3, 5.3.0+1

🔴Vulnerability Details

GHSA

GHSA-7w44-9v43-mqpr: The global-configuration implementation on Cisco ASR 9000 devices with software 5↗2022-05-17

▶

CVEList

CVE-2015-4277: The global-configuration implementation on Cisco ASR 9000 devices with software 5↗2015-08-19

▶

📋Vendor Advisories

Cisco

Cisco ASR 9000 Series Aggregation Services Routers tmp Files Denial of Service Vulnerability↗2015-08-11

▶