ID CVE-2015-0688
Summary Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:ios_xe:13.10.2s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:13.10.2s:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:asr_1001:*:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:asr_1001:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:asr_1001-x:*:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:asr_1001-x:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:asr_1002:*:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:asr_1002:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:asr_1002-x:*:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:asr_1002-x:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:asr_1004:*:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:asr_1004:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:asr_1006:*:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:asr_1006:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:asr_1013:*:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:asr_1013:*:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 29-09-2015 - 19:27)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
cisco 20150403 Cisco ASR1000 Series Routers ESP Module Denial of Service Vulnerability
sectrack 1032023
Last major update 29-09-2015 - 19:27
Published 04-04-2015 - 01:59
Last modified 29-09-2015 - 19:27
Back to Top