CVE-2015-6263 — Cisco IOS vulnerability

CWE-3998 documents6 sources

Severity

6.3MEDIUMNVD

OSV7.5

EPSS

0.3%

top 46.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libidn Cisco IOS

Timeline

PublishedOct 12

Latest updateMay 17

Description

The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 6.8 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/ios15.4\(3\)m2.2

▶Ubuntugnu/libidn< 1.28-1ubuntu2.1+1

🔴Vulnerability Details

GHSA

GHSA-p3c9-4fvw-5262: The RADIUS client implementation in Cisco IOS 15↗2022-05-17

▶

OSV

libidn vulnerabilities↗2016-08-24

▶

CVEList

CVE-2015-6263: The RADIUS client implementation in Cisco IOS 15↗2015-10-12

▶

📋Vendor Advisories

Cisco

Cisco IOS Software RADIUS Client Denial of Service Vulnerability↗2015-10-06

▶