Vulnerabilities > CVE-2015-4285 - Resource Management Errors vulnerability in Cisco IOS XR

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

cisco

CWE-399

NVD

Published: 2015-07-23

Updated: 2015-09-03

Summary

The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XR 5.1.2 Cisco IOS XR 5.1.3 Cisco IOS XR 5.2.1 Cisco IOS XR 5.2.2	4

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=40068
http://www.securitytracker.com/id/1033043