What is the severity of CVE-2015-0646?

CVE-2015-0646 has a high severity rating because it allows remote attackers to cause memory consumption or device reload, leading to a denial of service.

How do I fix CVE-2015-0646?

To fix CVE-2015-0646, upgrade to Cisco IOS or IOS XE versions that are patched against this vulnerability.

Which Cisco products are affected by CVE-2015-0646?

CVE-2015-0646 affects multiple versions of Cisco IOS 12.2, 12.4, and 15.x, as well as Cisco IOS XE versions before 3.12.3S.

What type of vulnerability is CVE-2015-0646?

CVE-2015-0646 is a denial of service vulnerability caused by a memory leak in the TCP input module.

Can CVE-2015-0646 be exploited remotely?

Yes, CVE-2015-0646 can be exploited remotely, making it particularly critical for network security.

Vulnerability/
CVE-2015-0646

high

7.8

CWE

399

26/3/2015

12/5/2017

CVE-2015-0646

First published: Thu Mar 26 2015(Updated: )

Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE Web UI	=3.3xo.0
Cisco IOS XE Web UI	=3.3xo.1
Cisco IOS XE Web UI	=3.3xo.2
Cisco IOS XE Web UI	=3.5e.0
Cisco IOS XE Web UI	=3.5e.1
Cisco IOS XE Web UI	=3.5e.2
Cisco IOS XE Web UI	=3.5e.3
Cisco IOS XE Web UI	=3.6e.0
Cisco IOS XE Web UI	=3.6e.1
Cisco IOS XE Web UI	=3.8s.0
Cisco IOS XE Web UI	=3.8s.1
Cisco IOS XE Web UI	=3.8s.2
Cisco IOS XE Web UI	=3.8s_base
Cisco IOS XE Web UI	=3.9s.0
Cisco IOS XE Web UI	=3.9s.1
Cisco IOS XE Web UI	=3.9s.2
Cisco IOS XE Web UI	=3.10s.0
Cisco IOS XE Web UI	=3.10s.0a
Cisco IOS XE Web UI	=3.10s.1
Cisco IOS XE Web UI	=3.10s.2
Cisco IOS XE Web UI	=3.10s.3
Cisco IOS XE Web UI	=3.10s.4
Cisco IOS XE Web UI	=3.11s.0
Cisco IOS XE Web UI	=3.11s.1
Cisco IOS XE Web UI	=3.11s.2
Cisco IOS XE Web UI	=3.11s.3
Cisco IOS XE Web UI	=3.11s.4
Cisco IOS XE Web UI	=3.12s.0
Cisco IOS XE Web UI	=3.12s.1
Cisco IOS	=12.2
Cisco IOS	=12.4
Cisco IOS	=15.0
Cisco IOS	=15.1
Cisco IOS	=15.2
Cisco IOS	=15.3
Cisco IOS	=15.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-0646?
CVE-2015-0646 has a high severity rating because it allows remote attackers to cause memory consumption or device reload, leading to a denial of service.
How do I fix CVE-2015-0646?
To fix CVE-2015-0646, upgrade to Cisco IOS or IOS XE versions that are patched against this vulnerability.
Which Cisco products are affected by CVE-2015-0646?
CVE-2015-0646 affects multiple versions of Cisco IOS 12.2, 12.4, and 15.x, as well as Cisco IOS XE versions before 3.12.3S.
What type of vulnerability is CVE-2015-0646?
CVE-2015-0646 is a denial of service vulnerability caused by a memory leak in the TCP input module.
Can CVE-2015-0646 be exploited remotely?
Yes, CVE-2015-0646 can be exploited remotely, making it particularly critical for network security.

agent/type
agent/tags
agent/first-publish-date
agent/event
agent/softwarecombine
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/references
agent/severity
agent/weakness
agent/author
agent/description
vendor/cisco
canonical/cisco ios xe web ui
version/cisco ios xe web ui/3.3xo.0
version/cisco ios xe web ui/3.3xo.1
version/cisco ios xe web ui/3.3xo.2
version/cisco ios xe web ui/3.5e.0
version/cisco ios xe web ui/3.5e.1
version/cisco ios xe web ui/3.5e.2
version/cisco ios xe web ui/3.5e.3
version/cisco ios xe web ui/3.6e.0
version/cisco ios xe web ui/3.6e.1
version/cisco ios xe web ui/3.8s.0
version/cisco ios xe web ui/3.8s.1
version/cisco ios xe web ui/3.8s.2
version/cisco ios xe web ui/3.8s_base
version/cisco ios xe web ui/3.9s.0
version/cisco ios xe web ui/3.9s.1
version/cisco ios xe web ui/3.9s.2
version/cisco ios xe web ui/3.10s.0
version/cisco ios xe web ui/3.10s.0a
version/cisco ios xe web ui/3.10s.1
version/cisco ios xe web ui/3.10s.2
version/cisco ios xe web ui/3.10s.3
version/cisco ios xe web ui/3.10s.4
version/cisco ios xe web ui/3.11s.0
version/cisco ios xe web ui/3.11s.1
version/cisco ios xe web ui/3.11s.2
version/cisco ios xe web ui/3.11s.3
version/cisco ios xe web ui/3.11s.4
version/cisco ios xe web ui/3.12s.0
version/cisco ios xe web ui/3.12s.1
canonical/cisco ios
version/cisco ios/12.2
version/cisco ios/12.4
version/cisco ios/15.0
version/cisco ios/15.1
version/cisco ios/15.2
version/cisco ios/15.3
version/cisco ios/15.4

Frequently Asked Questions

What is the severity of CVE-2015-0646?
CVE-2015-0646 has a high severity rating because it allows remote attackers to cause memory consumption or device reload, leading to a denial of service.
How do I fix CVE-2015-0646?
To fix CVE-2015-0646, upgrade to Cisco IOS or IOS XE versions that are patched against this vulnerability.
Which Cisco products are affected by CVE-2015-0646?
CVE-2015-0646 affects multiple versions of Cisco IOS 12.2, 12.4, and 15.x, as well as Cisco IOS XE versions before 3.12.3S.
What type of vulnerability is CVE-2015-0646?
CVE-2015-0646 is a denial of service vulnerability caused by a memory leak in the TCP input module.
Can CVE-2015-0646 be exploited remotely?
Yes, CVE-2015-0646 can be exploited remotely, making it particularly critical for network security.

CVE-2015-0646

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-0646?

How do I fix CVE-2015-0646?

Which Cisco products are affected by CVE-2015-0646?

What type of vulnerability is CVE-2015-0646?

Can CVE-2015-0646 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-0646?

How do I fix CVE-2015-0646?

Which Cisco products are affected by CVE-2015-0646?

What type of vulnerability is CVE-2015-0646?

Can CVE-2015-0646 be exploited remotely?