CVE-2015-6359

2015-12-1505:59:02

CWE-119

cisco

web.nvd.nist.gov

cisco

ios

vulnerability

nd protocol

denial of service

memory consumption

device crash

nvd

cve-2015-6359

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.004

Percentile

74.8%

JSON

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217.

Affected configurations

Nvd

Node

ciscoiosMatch15.2\(4\)e

ciscoiosMatch15.2\(4\)pi

ciscoiosMatch15.2\(4\)st

ciscoiosMatch15.2\(5\)st

ciscoiosMatch15.3\(3\)s0.1

VendorProductVersionCPE
ciscoios15.2(4)ecpe:2.3:o:cisco:ios:15.2\(4\)e:*:*:*:*:*:*:*
ciscoios15.2(4)picpe:2.3:o:cisco:ios:15.2\(4\)pi:*:*:*:*:*:*:*
ciscoios15.2(4)stcpe:2.3:o:cisco:ios:15.2\(4\)st:*:*:*:*:*:*:*
ciscoios15.2(5)stcpe:2.3:o:cisco:ios:15.2\(5\)st:*:*:*:*:*:*:*
ciscoios15.3(3)s0.1cpe:2.3:o:cisco:ios:15.3\(3\)s0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.2(4)e	cpe:2.3:o:cisco:ios:15.2\(4\)e:::::::*
cisco	ios	15.2(4)pi	cpe:2.3:o:cisco:ios:15.2\(4\)pi:::::::*
cisco	ios	15.2(4)st	cpe:2.3:o:cisco:ios:15.2\(4\)st:::::::*
cisco	ios	15.2(5)st	cpe:2.3:o:cisco:ios:15.2\(5\)st:::::::*
cisco	ios	15.3(3)s0.1	cpe:2.3:o:cisco:ios:15.3\(3\)s0.1:::::::*