CVE-2015-6278

EPSS 0.58%
Veröffentlicht 28.09.2015 02:59:09
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version3.2se.0

Cisco ≫ Ios Xe Version3.2se.1

Cisco ≫ Ios Xe Version3.2se.2

Cisco ≫ Ios Xe Version3.2se.3

Cisco ≫ Ios Xe Version3.3se.0

Cisco ≫ Ios Xe Version3.3se.1

Cisco ≫ Ios Xe Version3.3se.2

Cisco ≫ Ios Xe Version3.3se.3

Cisco ≫ Ios Xe Version3.3se.4

Cisco ≫ Ios Xe Version3.3se.5

Cisco ≫ Ios Xe Version3.3xo.0

Cisco ≫ Ios Xe Version3.3xo.1

Cisco ≫ Ios Xe Version3.3xo.2

Cisco ≫ Ios Xe Version3.4sg.0

Cisco ≫ Ios Xe Version3.4sg.1

Cisco ≫ Ios Xe Version3.4sg.2

Cisco ≫ Ios Xe Version3.4sg.3

Cisco ≫ Ios Xe Version3.4sg.4

Cisco ≫ Ios Xe Version3.4sg.5

Cisco ≫ Ios Xe Version3.4sg.6

Cisco ≫ Ios Xe Version3.5e.0

Cisco ≫ Ios Xe Version3.5e.1

Cisco ≫ Ios Xe Version3.5e.2

Cisco ≫ Ios Xe Version3.5e.3

Cisco ≫ Ios Xe Version3.6e.0

Cisco ≫ Ios Xe Version3.6e.0a

Cisco ≫ Ios Xe Version3.6e.0b

Cisco ≫ Ios Xe Version3.6e.1

Cisco ≫ Ios Xe Version3.6e.2

Cisco ≫ Ios Xe Version3.6e.2a

Cisco ≫ Ios Xe Version3.7e.0

Cisco ≫ Ios Xe Version3.7e.1

Cisco ≫ Ios Xe Version3.9s.0

Cisco ≫ Ios Xe Version3.9s.1

Cisco ≫ Ios Xe Version3.9s.2

Cisco ≫ Ios Xe Version3.10s.0

Cisco ≫ Ios Xe Version3.10s.0a

Cisco ≫ Ios Xe Version3.10s.01

Cisco ≫ Ios Xe Version3.10s.1

Cisco ≫ Ios Xe Version3.10s.2

Cisco ≫ Ios Xe Version3.10s.3

Cisco ≫ Ios Xe Version3.10s.4

Cisco ≫ Ios Xe Version3.10s.5

Cisco ≫ Ios Xe Version3.11s.0

Cisco ≫ Ios Xe Version3.11s.1

Cisco ≫ Ios Xe Version3.11s.2

Cisco ≫ Ios Xe Version3.11s.3

Cisco ≫ Ios Xe Version3.12s.0

Cisco ≫ Ios Xe Version3.12s.1

Cisco ≫ Ios Xe Version3.12s.2

Cisco ≫ Ios Xe Version3.12s.3

Cisco ≫ Ios Xe Version3.13s.0

Cisco ≫ Ios Xe Version3.13s.1

Cisco ≫ Ios Xe Version3.13s.2

Cisco ≫ Ios Xe Version3.14s.0

Cisco ≫ Ios Xe Version3.14s.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.679

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs/cvrf/cisco-sa-20150923-fhs_cvrf.xml

Vendor Advisory

http://www.securitytracker.com/id/1033647

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2015-6278

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-6278

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-6278

EUVD