Vulnerability Description
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xr | 5.1.2 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40068Vendor Advisory
- http://www.securitytracker.com/id/1033043
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40068Vendor Advisory
- http://www.securitytracker.com/id/1033043
FAQ
What is CVE-2015-4285?
CVE-2015-4285 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the pr...
How severe is CVE-2015-4285?
CVE-2015-4285 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4285?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr.