Main Vulnerability Database Vulnerabilities #VU16

Denial of service - CVE-2015-6289

Published: June 21, 2016 / Updated: October 5, 2016

Vulnerability identifier: #VU16

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-6289

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an error when handling invalid TCP packets. A remote unauthenticated attacker can send multiple TCP packets to affected device and cause it to use all available memory resources.

Successful exploitation of this vulnerability will result in denial of service.

Note: this vulnerability was originally reported in OpenSSH service, however it affects other services as well.

How to mitigate CVE-2015-6289

Cybersecurity Help is not aware of any official solution to address this vulnerability.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr

Denial of service - CVE-2015-6289

Detailed vulnerability description

How to mitigate CVE-2015-6289

Sources

Please verify you're human