What is the severity of CVE-2015-0650?

CVE-2015-0650 has been classified as a medium severity vulnerability due to its potential to cause denial of service.

How do I fix CVE-2015-0650?

To fix CVE-2015-0650, upgrade your Cisco IOS or IOS XE software to the patched versions indicated in the advisory.

What systems are affected by CVE-2015-0650?

CVE-2015-0650 affects multiple versions of Cisco IOS and IOS XE, including versions from 12.2 to 15.4 and various 3.x releases of IOS XE.

What type of attack does CVE-2015-0650 enable?

CVE-2015-0650 allows remote attackers to exploit the vulnerability to trigger a denial of service, causing device reload.

What versions of Cisco software should be monitored for CVE-2015-0650?

Be vigilant for any installations running Cisco IOS or IOS XE versions between 12.2 and 15.4, as well as specific versions from 3.9.xS to 3.13.xS.

Vulnerability/
CVE-2015-0650

high

7.8

CWE

26/3/2015

4/9/2015

CVE-2015-0650: Input Validation

First published: Thu Mar 26 2015(Updated: )

The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE Web UI	=3.9s.0
Cisco IOS XE Web UI	=3.9s.1
Cisco IOS XE Web UI	=3.9s.2
Cisco IOS XE Web UI	=3.10s.0
Cisco IOS XE Web UI	=3.10s.0a
Cisco IOS XE Web UI	=3.10s.1
Cisco IOS XE Web UI	=3.10s.2
Cisco IOS XE Web UI	=3.10s.3
Cisco IOS XE Web UI	=3.11s.0
Cisco IOS XE Web UI	=3.11s.1
Cisco IOS XE Web UI	=3.11s.2
Cisco IOS XE Web UI	=3.12s.0
Cisco IOS XE Web UI	=3.12s.1
Cisco IOS XE Web UI	=3.13s.0
Cisco IOS XE Web UI	=3.13s.1
Cisco IOS XE Web UI	=3.13s.2
Cisco IOS	=12.2
Cisco IOS	=12.4
Cisco IOS	=15.0
Cisco IOS	=15.1
Cisco IOS	=15.2
Cisco IOS	=15.3
Cisco IOS	=15.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-0650?
CVE-2015-0650 has been classified as a medium severity vulnerability due to its potential to cause denial of service.
How do I fix CVE-2015-0650?
To fix CVE-2015-0650, upgrade your Cisco IOS or IOS XE software to the patched versions indicated in the advisory.
What systems are affected by CVE-2015-0650?
CVE-2015-0650 affects multiple versions of Cisco IOS and IOS XE, including versions from 12.2 to 15.4 and various 3.x releases of IOS XE.
What type of attack does CVE-2015-0650 enable?
CVE-2015-0650 allows remote attackers to exploit the vulnerability to trigger a denial of service, causing device reload.
What versions of Cisco software should be monitored for CVE-2015-0650?
Be vigilant for any installations running Cisco IOS or IOS XE versions between 12.2 and 15.4, as well as specific versions from 3.9.xS to 3.13.xS.

agent/severity
agent/author
agent/references
agent/weakness
agent/type
agent/event
agent/description
agent/tags
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco ios xe web ui
version/cisco ios xe web ui/3.9s.0
version/cisco ios xe web ui/3.9s.1
version/cisco ios xe web ui/3.9s.2
version/cisco ios xe web ui/3.10s.0
version/cisco ios xe web ui/3.10s.0a
version/cisco ios xe web ui/3.10s.1
version/cisco ios xe web ui/3.10s.2
version/cisco ios xe web ui/3.10s.3
version/cisco ios xe web ui/3.11s.0
version/cisco ios xe web ui/3.11s.1
version/cisco ios xe web ui/3.11s.2
version/cisco ios xe web ui/3.12s.0
version/cisco ios xe web ui/3.12s.1
version/cisco ios xe web ui/3.13s.0
version/cisco ios xe web ui/3.13s.1
version/cisco ios xe web ui/3.13s.2
canonical/cisco ios
version/cisco ios/12.2
version/cisco ios/12.4
version/cisco ios/15.0
version/cisco ios/15.1
version/cisco ios/15.2
version/cisco ios/15.3
version/cisco ios/15.4