CVE-2015-6273: Cisco IOS XE vulnerability

CWE-399 | 4 documents | 4 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.4% (top 37.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 29
Latest update: May 17

Description

Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages (1 package)

NVD: cisco/ios_xe (5 versions, +4)

🔴 Vulnerability Details (2)

GHSA
GHSA-p5j7-x6wq-vh9r: Cisco IOS XE before 3 (2022-05-17)
CVEList
CVE-2015-6273: Cisco IOS XE before 3 (2015-08-29)

📋 Vendor Advisories (1)

Citrix
CVE-2016-6273: The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server (2016-10-07)