CVE-2015-6432Cisco IOS XR vulnerability

CWE-3994 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 24.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedJan 5
Latest updateMay 17

Description

Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios_xr9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-cxmr-8vfq-vhfr: Cisco IOS XR 42022-05-17
CVEList
CVE-2015-6432: Cisco IOS XR 42016-01-05

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability2016-01-04
CVE-2015-6432 — Cisco IOS XR vulnerability | cvebase