CVE-2015-4285 — Cisco IOS XR vulnerability

CWE-3994 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 35.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XR

Timeline

PublishedJul 23

Latest updateMay 17

Description

The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/ios_xr4 versions+3

🔴Vulnerability Details

GHSA

GHSA-fx7w-42hf-7jg6: The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5↗2022-05-17

▶

CVEList

CVE-2015-4285: The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5↗2015-07-23

▶

📋Vendor Advisories

Cisco

Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability↗2015-07-22

▶