CiscoCISCO-SA-20150831-CVE-2015-6274Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
56.0%
A vulnerability in the Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to the processing of excessive number of IPv4 packets that require fragmentation and reassembly. An attacker could exploit ths vulnerability by sending an excessive number of fragmented packets, causing high Cisco QuantumFlow Processor (QFP) CPU utilization in the Embedded Services Processor (ESP).
Cisco has confirmed the vulnerability; however, software updates are not available.
To exploit this vulnerability, the attacker must send an excessive number of fragmented packets to the targeted system, making exploitation more difficult in environments that restrict access from untrusted sources
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | asr_1000_series_software | any | cpe:2.3:a:cisco:asr_1000_series_software:any:*:*:*:*:*:*:* |
| cisco | asr_9904 | 1000_series_aggregation_services_routers | cpe:2.3:h:cisco:asr_9904:1000_series_aggregation_services_routers:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
56.0%