Cisco: CISCO-SA-20150622-CVE-2015-4200
Jun 22, 2015 - 2:53 p.m.

Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability

2015-06-22 14:53:40
Source: tools.cisco.com

CVSS2: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.003 (Percentile: 65.8%)

A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a standby Performance Routing Engine (PRE) to leak a small portion of memory on a targeted system, resulting in a denial of service (DoS) condition.

The vulnerability is due to a failure to free a portion of memory allocated to store the IPv6 address of a connecting customer premises equipment (CPE) device when a specific error condition is encountered. An attacker who can trigger a specific type of failed CPE negotiation could cause the standby PRE to leak a small portion of memory, resulting in a DoS condition.

Cisco has confirmed the vulnerability and released software updates.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
