CVE-2015-6256

Name of the Vulnerable Software and Affected Versions Cisco ASR 5000 devices with software 19.0.M0.60828

Description The issue is caused by insufficient input validation in the software of Cisco ASR 5000 routers. This allows a remote attacker to cause a denial of service by restarting the OSPF process using crafted length fields in OSPF packet headers.

Recommendations For Cisco ASR 5000 devices with software 19.0.M0.60828, consider restricting access to the OSPF protocol until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.