← Back

CVE-2015-6273

nvd nist
Published: Aug 29, 2015Modified: May 6, 2026

JSON object

Loading...
7.8
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:C
Exploitability: 10.0 / Impact: 6.9
Source: NVD

Description

Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.

Affected (5)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
5 vulnerable · 7 platform
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
Version 2.2.1
Ios Xe
Version 2.2.2
Ios Xe
Version 2.2.3
Ios Xe
Version 3.1.0s
Ios Xe
Version 3.1.1s
Running on/withPlatform Versions
Cisco
Asr 1001
All versions
Cisco
Asr 1001 X
All versions
Cisco
Asr 1002
All versions
Cisco
Asr 1002 X
All versions
Cisco
Asr 1004
All versions
Cisco
Asr 1006
All versions
Cisco
Asr 1013
All versions

Related CWEs

CWE-399
CWE-399

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.