CVE-2015-4293Cisco IOS XE vulnerability

CWE-3994 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 35.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedJul 30
Latest updateMay 17

Description

The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios_xe29 versions+28

🔴Vulnerability Details

2
GHSA
GHSA-v8cg-fx28-fcq5: The packet-reassembly implementation in Cisco IOS XE 32022-05-17
CVEList
CVE-2015-4293: The packet-reassembly implementation in Cisco IOS XE 32015-07-30

📋Vendor Advisories

1
Cisco
Cisco IOS-XE Fragmented Packet Resource Consumption Vulnerability2015-07-29
CVE-2015-4293 — Cisco IOS XE vulnerability | cvebase