Main Vulnerability Database SB2016062104

SB2016062104 - Denial of service when handling TCP packets in Cisco IOS and Cisco IOS XE

Published: June 21, 2016 Updated: October 5, 2016

Security Bulletin ID SB2016062104

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Denial of service (CVE-ID: CVE-2015-6289)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an error when handling invalid TCP packets. A remote unauthenticated attacker can send multiple TCP packets to affected device and cause it to use all available memory resources.

Successful exploitation of this vulnerability will result in denial of service.

Note: this vulnerability was originally reported in OpenSSH service, however it affects other services as well.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr

SB2016062104 - Denial of service when handling TCP packets in Cisco IOS and Cisco IOS XE

Breakdown by Severity

Description

Remediation

References

Please verify you're human