CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
74.8%
A vulnerability in the IPv6 neighbor discovery (ND) handling of Cisco IOS XE Software on ASR platforms could allow an unauthenticated, adjacent attacker to cause an affected device to crash.
The vulnerability is due to insufficient bounds on internal tables. An attacker could exploit this vulnerability by flooding an adjacent IOS XE device with specific ND messages. An exploit could allow the attacker to deplete the available memory, possibly causing an affected device to crash.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cisco_ios | 3.14s | cpe:2.3:o:cisco:cisco_ios:3.14s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.15s | cpe:2.3:o:cisco:cisco_ios:3.15s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.16s | cpe:2.3:o:cisco:cisco_ios:3.16s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.14.0s | cpe:2.3:o:cisco:cisco_ios:3.14.0s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.14.1s | cpe:2.3:o:cisco:cisco_ios:3.14.1s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.14.2s | cpe:2.3:o:cisco:cisco_ios:3.14.2s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.14.3s | cpe:2.3:o:cisco:cisco_ios:3.14.3s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.14.4s | cpe:2.3:o:cisco:cisco_ios:3.14.4s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.15.0s | cpe:2.3:o:cisco:cisco_ios:3.15.0s:xe:*:*:*:*:*:* |
cisco | cisco_ios | 3.15.1s | cpe:2.3:o:cisco:cisco_ios:3.15.1s:xe:*:*:*:*:*:* |