CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
48.9%
A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios_xe | 3.9.0as | cpe:2.3:o:cisco:ios_xe:3.9.0as:*:*:*:*:*:*:* |
cisco | ios_xe | 3.9.1s | cpe:2.3:o:cisco:ios_xe:3.9.1s:*:*:*:*:*:*:* |
cisco | ios_xe | 3.9.2s | cpe:2.3:o:cisco:ios_xe:3.9.2s:*:*:*:*:*:*:* |
cisco | ios_xe | 3.10.0s | cpe:2.3:o:cisco:ios_xe:3.10.0s:*:*:*:*:*:*:* |
cisco | ios_xe | 3.10.1s | cpe:2.3:o:cisco:ios_xe:3.10.1s:*:*:*:*:*:*:* |
cisco | ios_xe | 3.10.2as | cpe:2.3:o:cisco:ios_xe:3.10.2as:*:*:*:*:*:*:* |
cisco | ios_xe | 3.10.2s | cpe:2.3:o:cisco:ios_xe:3.10.2s:*:*:*:*:*:*:* |
cisco | ios_xe | 3.10.2ts | cpe:2.3:o:cisco:ios_xe:3.10.2ts:*:*:*:*:*:*:* |
cisco | ios_xe | 3.10.3s | cpe:2.3:o:cisco:ios_xe:3.10.3s:*:*:*:*:*:*:* |
cisco | ios_xe | 3.10.4s | cpe:2.3:o:cisco:ios_xe:3.10.4s:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
48.9%