Cisco IOS XE Software IPv6 Neighbor Discovery DoS (CSCup28217)

medium Nessus Plugin ID 87504

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Cisco IOS XE device is missing a vendor-supplied security patch, and is not configured to limit the IPv6 neighbor discovery (ND) cache. It is, therefore, affected by a denial of service vulnerability due to insufficient bounds on internal tables. An unauthenticated, adjacent attacker can exploit this, via a continuous stream of ND messages, to exhaust available memory resources, resulting in a denial of service condition.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCup28217.

See Also

http://www.nessus.org/u?dba1bec0

https://tools.cisco.com/bugsearch/bug/CSCup28217

Plugin Details

Severity: Medium

ID: 87504

File Name: cisco-sa-20151214-iosxe.nasl

Version: 1.12

Type: combined

Family: CISCO

Published: 12/18/2015

Updated: 5/3/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version, Host/Cisco/IOS-XE/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 12/14/2015

Vulnerability Publication Date: 12/14/2015

Reference Information

CVE: CVE-2015-6359

BID: 79200

CISCO-SA: cisco-sa-20151214-ios

CISCO-BUG-ID: CSCup28217