Vulnerability in Cisco Asr_5000
CVE-2015-0712
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217.
EPSS: 0.005 (65.2th percentile) — read the EPSS interpretation.
Affected products
- Cisco Asr_5000
- Cisco Asr_5500
- Cisco Asr_5700
- Cisco Staros — versions 12.0, 12.2\(300\), 14.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 1032219 (vdb-entry, x_refsource_SECTRACK)
- 20150429 Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)