CVE-2015-6359 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 52.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedDec 15
Latest updateMay 17

Description

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages1 packages

β–ΆNVDcisco/ios5 versions+4

πŸ”΄Vulnerability Details

2
GHSA
GHSA-pm63-3g3f-98wc: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15β†—2022-05-17
β–Ά
CVEList
CVE-2015-6359: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15β†—2015-12-15
β–Ά

πŸ“‹Vendor Advisories

1
Cisco
Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability↗2015-12-14
β–Ά
CVE-2015-6359 β€” Cisco IOS vulnerability | cvebase