CVE-2015-4285

Published: Jul 23, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.

Affected (4)

Products: Cisco: Ios Xr

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 5.1.2
Cisco Ios Xr	Version 5.1.3
Cisco Ios Xr	Version 5.2.1
Cisco Ios Xr	Version 5.2.2

Related CWEs

References (4)

http://tools.cisco.com/security/center/viewAlert.x?alertId=40068

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1033043

Source: psirt@cisco.com

http://tools.cisco.com/security/center/viewAlert.x?alertId=40068

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1033043

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.