CVE-2015-0639

Published: Mar 26, 2015Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665.

Affected (11)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 3.6s.0
Cisco Ios Xe	Version 3.6s.1
Cisco Ios Xe	Version 3.6s.2
Cisco Ios Xe	Version 3.6s
Cisco Ios Xe	Version 3.7s.0
Cisco Ios Xe	Version 3.7s.1
Cisco Ios Xe	Version 3.7s.2
Cisco Ios Xe	Version 3.7s.3
Cisco Ios Xe	Version 3.7s.4
Cisco Ios Xe	Version 3.7s.5
Cisco Ios Xe	Version 3.7s

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1031981

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1031981

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.