Vulnerability Details : CVE-2015-4203
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.
Vulnerability category: Denial of service
Products affected by CVE-2015-4203
- cpe:2.3:o:cisco:ios:12.2sch:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.2\(33\)sch:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4203
0.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4203
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.4
|
MEDIUM | AV:N/AC:H/Au:N/C:N/I:N/A:C |
4.9
|
6.9
|
NIST |
CWE ids for CVE-2015-4203
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4203
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=39439
Cisco IOS Software UBR Devices IPv6 VPN Multiprotocol Label Switching Denial of Service VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/75339
Cisco IOS Software CVE-2015-4203 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1032692
Cisco uBR Universal Broadband Router Bugs Let Remote or Remote Authenticated Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
Jump to