CVE-2015-4284Improper Input Validation in Cisco IOS XR

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 32.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedJul 22
Latest updateMay 17

Description

The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios_xr5.3.0

🔴Vulnerability Details

2
GHSA
GHSA-fw8p-7crp-9pw9: The Concurrent Data Management Replication process in Cisco IOS XR 52022-05-17
CVEList
CVE-2015-4284: The Concurrent Data Management Replication process in Cisco IOS XR 52015-07-22

📋Vendor Advisories

1
Cisco
Cisco IOS XR Concurrent Data Management Replication Process BGP Process Denial of Service Vulnerability2015-07-21
CVE-2015-4284 — Improper Input Validation in Cisco | cvebase