Vulnerabilities > CVE-2015-6273 - Resource Management Errors vulnerability in Cisco IOS XE

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

NVD

Published: 2015-08-29

Updated: 2017-09-20

Summary

Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XE 2.2.1 Cisco IOS XE 2.2.2 Cisco IOS XE 2.2.3 Cisco IOS XE 3.1.0S Cisco IOS XE 3.1.1S	5
Hardware	Cisco Cisco ASR 1001 - Cisco ASR 1001 X - Cisco ASR 1002 - Cisco ASR 1002 X - Cisco ASR 1004 - Cisco ASR 1006 - Cisco ASR 1013 -	7

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References