CVE-2015-4291Cisco IOS XE vulnerability

CWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedAug 1
Latest updateMay 17

Description

Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xe13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-2wp8-8f56-4p9g: Cisco IOS XE 22022-05-17
CVEList
CVE-2015-4291: Cisco IOS XE 22015-08-01

📋Vendor Advisories

1
Cisco
Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability2015-07-30
CVE-2015-4291 — Cisco IOS XE vulnerability | cvebase