CVE-2015-4275 : The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices wi

The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534.

Published 2015-07-16 19:59:02

Updated 2017-09-22 01:29:16

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-4275

Cisco » Asr 5000 Series Software » Version: 18.0.0.59167
cpe:2.3:a:cisco:asr_5000_series_software:18.0.0.59167:*:*:*:*:*:*:*
Matching versions
Cisco » Asr 5000 Series Software » Version: 18.0.0.59211
cpe:2.3:a:cisco:asr_5000_series_software:18.0.0.59211:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-4275

EPSS FAQ

0.92%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-4275

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2015-4275

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-4275

http://www.securitytracker.com/id/1032984

Cisco ASR 5000 Router GTPv2 Input Validation Flaw Lets Remote Users Deny Service - SecurityTracker
http://tools.cisco.com/security/center/viewAlert.x?alertId=39934

Cisco Packet Data Network Gateway GTPv2 Tunnel Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2015-4275

Products affected by CVE-2015-4275

Exploit prediction scoring system (EPSS) score for CVE-2015-4275

CVSS scores for CVE-2015-4275

CWE ids for CVE-2015-4275

References for CVE-2015-4275