Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0646

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2015-0646
Last Modified 04 Sep 2015 02:57:19
Published 26 Mar 2015 06:59:11
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0646

Summary

Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811.

Vulnerable Systems

Operating System

  • Cisco Ios 12.2

  • Cisco Ios 12.4

  • Cisco Ios 15.0

  • Cisco Ios 15.1

  • Cisco Ios 15.2

  • Cisco Ios 15.3

  • Cisco Ios 15.4

  • Cisco Ios Xe 3.10s.0

  • Cisco Ios Xe 3.10s.0a

  • Cisco Ios Xe 3.10s.1

  • Cisco Ios Xe 3.10s.2

  • Cisco Ios Xe 3.10s.3

  • Cisco Ios Xe 3.10s.4

  • Cisco Ios Xe 3.11s.0

  • Cisco Ios Xe 3.11s.1

  • Cisco Ios Xe 3.11s.2

  • Cisco Ios Xe 3.11s.3

  • Cisco Ios Xe 3.11s.4

  • Cisco Ios Xe 3.12s.0

  • Cisco Ios Xe 3.12s.1

  • Cisco Ios Xe 3.3xo.0

  • Cisco Ios Xe 3.3xo.1

  • Cisco Ios Xe 3.3xo.2

  • Cisco Ios Xe 3.5e.0

  • Cisco Ios Xe 3.5e.1

  • Cisco Ios Xe 3.5e.2

  • Cisco Ios Xe 3.5e.3

  • Cisco Ios Xe 3.6e.0

  • Cisco Ios Xe 3.6e.1

  • Cisco Ios Xe 3.8s Base

  • Cisco Ios Xe 3.8s.0

  • Cisco Ios Xe 3.8s.1

  • Cisco Ios Xe 3.8s.2

  • Cisco Ios Xe 3.9s.0

  • Cisco Ios Xe 3.9s.1

  • Cisco Ios Xe 3.9s.2


References

CISCO - 20150325 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability

SECTRACK - 1031980


Last Updated: 27 May 2016 11:08:14