CVE-2015-6271Cisco IOS XE vulnerability

CWE-3995 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedAug 31
Latest updateMay 17

Description

Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xe16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-q5mh-wr5x-96r8: Cisco IOS XE 22022-05-17
CVEList
CVE-2015-6271: Cisco IOS XE 22015-08-31

💥Exploits & PoCs

2
Exploit-DB
QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit)2015-03-26
Exploit-DB
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit)2015-03-26
CVE-2015-6271 — Cisco IOS XE vulnerability | cvebase