CVE-2015-6365: Input Validation
First published: Sat Nov 14 2015(Updated: )
Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =15.2\(4\)m | |
| Cisco IOS | =15.4\(3\)m |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6365?
CVE-2015-6365 has a medium severity rating, indicating a potential risk of unauthorized network access.
How do I fix CVE-2015-6365?
To fix CVE-2015-6365, upgrade your Cisco IOS to the patched versions 15.2(05)M or later, or 15.4(04)M or later.
What are the main risks associated with CVE-2015-6365?
The main risks associated with CVE-2015-6365 include unauthorized network access and potential data exfiltration.
Who is affected by CVE-2015-6365?
CVE-2015-6365 affects users and administrators of Cisco IOS versions 15.2(04)M and 15.4(03)M.
What types of devices are affected by CVE-2015-6365?
CVE-2015-6365 affects Cisco devices running the specified versions of Cisco IOS, typically routers and network switches.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/15.2\(4\)m
- version/cisco ios/15.4\(3\)m