CVE-2015-6279Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 31.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedSep 28
Latest updateMay 17

Description

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios92 versions+91
NVDcisco/ios_xe47 versions+46

🔴Vulnerability Details

2
GHSA
GHSA-f4v7-w5wp-p585: The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 122022-05-17
CVEList
CVE-2015-6279: The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 122015-09-28

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities2015-09-23
CVE-2015-6279 — Improper Input Validation in Cisco IOS | cvebase