CVE-2015-0642: Input Validation
First published: Thu Mar 26 2015(Updated: )
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Software | =2.5.0 | |
| Cisco IOS XE Software | =2.5.1 | |
| Cisco IOS XE Software | =3.1s.0 | |
| Cisco IOS XE Software | =3.1s.1 | |
| Cisco IOS XE Software | =3.1s.2 | |
| Cisco IOS XE Software | =3.1s.3 | |
| Cisco IOS XE Software | =3.1s.4 | |
| Cisco IOS XE Software | =3.2s.0 | |
| Cisco IOS XE Software | =3.2s.1 | |
| Cisco IOS XE Software | =3.2s.2 | |
| Cisco IOS XE Software | =3.3s.0 | |
| Cisco IOS XE Software | =3.3s.1 | |
| Cisco IOS XE Software | =3.3s.2 | |
| Cisco IOS XE Software | =3.3sg.0 | |
| Cisco IOS XE Software | =3.3sg.1 | |
| Cisco IOS XE Software | =3.3sg.2 | |
| Cisco IOS XE Software | =3.3xo.0 | |
| Cisco IOS XE Software | =3.3xo.1 | |
| Cisco IOS XE Software | =3.3xo.2 | |
| Cisco IOS XE Software | =3.4s.0 | |
| Cisco IOS XE Software | =3.4s.1 | |
| Cisco IOS XE Software | =3.4s.2 | |
| Cisco IOS XE Software | =3.4s.3 | |
| Cisco IOS XE Software | =3.4s.4 | |
| Cisco IOS XE Software | =3.4s.5 | |
| Cisco IOS XE Software | =3.4s.6 | |
| Cisco IOS XE Software | =3.4sg.0 | |
| Cisco IOS XE Software | =3.4sg.1 | |
| Cisco IOS XE Software | =3.4sg.2 | |
| Cisco IOS XE Software | =3.4sg.3 | |
| Cisco IOS XE Software | =3.4sg.4 | |
| Cisco IOS XE Software | =3.4sg.5 | |
| Cisco IOS XE Software | =3.5e.0 | |
| Cisco IOS XE Software | =3.5e.1 | |
| Cisco IOS XE Software | =3.5e.2 | |
| Cisco IOS XE Software | =3.5e.3 | |
| Cisco IOS XE Software | =3.5s.0 | |
| Cisco IOS XE Software | =3.5s.1 | |
| Cisco IOS XE Software | =3.5s_base | |
| Cisco IOS XE Software | =3.6e.0 | |
| Cisco IOS XE Software | =3.6e.1 | |
| Cisco IOS XE Software | =3.6s.0 | |
| Cisco IOS XE Software | =3.6s.1 | |
| Cisco IOS XE Software | =3.6s.2 | |
| Cisco IOS XE Software | =3.6s_base | |
| Cisco IOS XE Software | =3.7e.0 | |
| Cisco IOS XE Software | =3.7s.0 | |
| Cisco IOS XE Software | =3.7s.1 | |
| Cisco IOS XE Software | =3.7s.2 | |
| Cisco IOS XE Software | =3.7s.3 | |
| Cisco IOS XE Software | =3.7s.4 | |
| Cisco IOS XE Software | =3.7s.5 | |
| Cisco IOS XE Software | =3.7s.6 | |
| Cisco IOS XE Software | =3.7s_base | |
| Cisco IOS XE Software | =3.8s.0 | |
| Cisco IOS XE Software | =3.8s.1 | |
| Cisco IOS XE Software | =3.8s.2 | |
| Cisco IOS XE Software | =3.8s_base | |
| Cisco IOS XE Software | =3.9s.0 | |
| Cisco IOS XE Software | =3.9s.1 | |
| Cisco IOS XE Software | =3.9s.2 | |
| Cisco IOS XE Software | =3.10s.0 | |
| Cisco IOS XE Software | =3.10s.0a | |
| Cisco IOS XE Software | =3.10s.1 | |
| Cisco IOS XE Software | =3.10s.2 | |
| Cisco IOS XE Software | =3.10s.3 | |
| Cisco IOS XE Software | =3.10s.4 | |
| Cisco IOS XE Software | =3.10s.5 | |
| Cisco IOS XE Software | =3.11s.0 | |
| Cisco IOS XE Software | =3.11s.1 | |
| Cisco IOS XE Software | =3.11s.2 | |
| Cisco IOS XE Software | =3.11s.3 | |
| Cisco IOS XE Software | =3.12s.0 | |
| Cisco IOS XE Software | =3.12s.1 | |
| Cisco IOS XE Software | =3.12s.2 | |
| Cisco IOS XE Software | =3.13s.0 | |
| Cisco IOS XE Software | =3.13s.1 | |
| Cisco IOS | =12.2 | |
| Cisco IOS | =12.4 | |
| Cisco IOS | =15.0 | |
| Cisco IOS | =15.1 | |
| Cisco IOS | =15.2 | |
| Cisco IOS | =15.3 | |
| Cisco IOS | =15.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0642?
CVE-2015-0642 is classified as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2015-0642?
To fix CVE-2015-0642, you should upgrade to the patched versions of the Cisco IOS or IOS XE software as recommended in the security advisory.
Which versions are affected by CVE-2015-0642?
CVE-2015-0642 affects Cisco IOS versions 12.2, 12.4, 15.0 through 15.4, and various 3.x versions of IOS XE.
What type of attack does CVE-2015-0642 facilitate?
CVE-2015-0642 allows remote attackers to send malformed IKEv2 packets that can lead to device reloads and service disruption.
Are there any workarounds for CVE-2015-0642?
Currently, there are no documented workarounds for CVE-2015-0642, and upgrading is the recommended action.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/2.5.0
- version/cisco ios xe/2.5.1
- version/cisco ios xe/3.1s.0
- version/cisco ios xe/3.1s.1
- version/cisco ios xe/3.1s.2
- version/cisco ios xe/3.1s.3
- version/cisco ios xe/3.1s.4
- version/cisco ios xe/3.2s.0
- version/cisco ios xe/3.2s.1
- version/cisco ios xe/3.2s.2
- version/cisco ios xe/3.3s.0
- version/cisco ios xe/3.3s.1
- version/cisco ios xe/3.3s.2
- version/cisco ios xe/3.3sg.0
- version/cisco ios xe/3.3sg.1
- version/cisco ios xe/3.3sg.2
- version/cisco ios xe/3.3xo.0
- version/cisco ios xe/3.3xo.1
- version/cisco ios xe/3.3xo.2
- version/cisco ios xe/3.4s.0
- version/cisco ios xe/3.4s.1
- version/cisco ios xe/3.4s.2
- version/cisco ios xe/3.4s.3
- version/cisco ios xe/3.4s.4
- version/cisco ios xe/3.4s.5
- version/cisco ios xe/3.4s.6
- version/cisco ios xe/3.4sg.0
- version/cisco ios xe/3.4sg.1
- version/cisco ios xe/3.4sg.2
- version/cisco ios xe/3.4sg.3
- version/cisco ios xe/3.4sg.4
- version/cisco ios xe/3.4sg.5
- version/cisco ios xe/3.5e.0
- version/cisco ios xe/3.5e.1
- version/cisco ios xe/3.5e.2
- version/cisco ios xe/3.5e.3
- version/cisco ios xe/3.5s.0
- version/cisco ios xe/3.5s.1
- version/cisco ios xe/3.5s_base
- version/cisco ios xe/3.6e.0
- version/cisco ios xe/3.6e.1
- version/cisco ios xe/3.6s.0
- version/cisco ios xe/3.6s.1
- version/cisco ios xe/3.6s.2
- version/cisco ios xe/3.6s_base
- version/cisco ios xe/3.7e.0
- version/cisco ios xe/3.7s.0
- version/cisco ios xe/3.7s.1
- version/cisco ios xe/3.7s.2
- version/cisco ios xe/3.7s.3
- version/cisco ios xe/3.7s.4
- version/cisco ios xe/3.7s.5
- version/cisco ios xe/3.7s.6
- version/cisco ios xe/3.7s_base
- version/cisco ios xe/3.8s.0
- version/cisco ios xe/3.8s.1
- version/cisco ios xe/3.8s.2
- version/cisco ios xe/3.8s_base
- version/cisco ios xe/3.9s.0
- version/cisco ios xe/3.9s.1
- version/cisco ios xe/3.9s.2
- version/cisco ios xe/3.10s.0
- version/cisco ios xe/3.10s.0a
- version/cisco ios xe/3.10s.1
- version/cisco ios xe/3.10s.2
- version/cisco ios xe/3.10s.3
- version/cisco ios xe/3.10s.4
- version/cisco ios xe/3.10s.5
- version/cisco ios xe/3.11s.0
- version/cisco ios xe/3.11s.1
- version/cisco ios xe/3.11s.2
- version/cisco ios xe/3.11s.3
- version/cisco ios xe/3.12s.0
- version/cisco ios xe/3.12s.1
- version/cisco ios xe/3.12s.2
- version/cisco ios xe/3.13s.0
- version/cisco ios xe/3.13s.1
- canonical/cisco ios
- version/cisco ios/12.2
- version/cisco ios/12.4
- version/cisco ios/15.0
- version/cisco ios/15.1
- version/cisco ios/15.2
- version/cisco ios/15.3
- version/cisco ios/15.4