PT-2015-2742 · Cisco · Cisco Asr 5000

Published

2015-08-22

Updated

2017-01-04

CVE-2015-6256

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Cisco ASR 5000 devices with software 19.0.M0.60828

Description The issue is caused by insufficient input validation in the software of Cisco ASR 5000 routers. This allows a remote attacker to cause a denial of service by restarting the OSPF process using crafted length fields in OSPF packet headers.

Recommendations For Cisco ASR 5000 devices with software 19.0.M0.60828, consider restricting access to the OSPF protocol until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-12107

CVE-2015-6256

Affected Products

Cisco Asr 5000

PT-2015-2742 · Cisco · Cisco Asr 5000

CVE-2015-6256

Weakness Enumeration

Related Identifiers

Affected Products

References · 4