CVE-2015-0688

Published: Apr 4, 2015Modified: May 6, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.

Affected (1)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 13.10.2s

Running on/with	Platform Versions
Cisco Asr 1001	All versions
Cisco Asr 1001 X	All versions
Cisco Asr 1002	All versions
Cisco Asr 1002 X	All versions
Cisco Asr 1004	All versions
Cisco Asr 1006	All versions
Cisco Asr 1013	All versions

Related CWEs

CWE-399

References (4)

http://tools.cisco.com/security/center/viewAlert.x?alertId=38210

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1032023

Source: psirt@cisco.com

http://tools.cisco.com/security/center/viewAlert.x?alertId=38210

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1032023

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.