What is CVE-2015-6360?

CVE-2015-6360 is a high-severity vulnerability in Cisco Adaptive_security_appliance_software, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.5/10. Published 2016-04-21.

How severe is CVE-2015-6360?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2015-6360 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Cisco Adaptive_security_appliance_software

CVE-2015-6360

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

Vulnerability class: Buffer Overflow

EPSS: 0.185 (95.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cisco Adaptive_security_appliance_software — versions 8.1.0.104, 8.2.0.45, 8.2.1
Cisco Dx_series_ip_phones_firmware — versions 9.3\(2\)
Cisco Ios_xe — versions 3.10s_3.10.0s, 3.10s_3.10.1s, 3.10s_3.10.1xbs
Cisco Ip_phone_7800_series_firmware — versions 10.3\(1\)
Cisco Ip_phone_8800_series_firmware — versions 10.3\(2\), 11.0\(1\)
Cisco Jabber_software_development_kit — versions 8.6\(1\), 9.0\(1\), 9.2\(0\)
Cisco Libsrtp
Cisco Unified_communications_manager — versions 9.9\(9\)st1.9
Cisco Unified_ip_phone_6900_series_firmware — versions 9.3\(2\)
Cisco Unified_ip_phone_7900_series_firmware — versions 9.9\(9.99001.1\), 9.9_base

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

1035650 (vdb-entry, x_refsource_SECTRACK)
1035649 (vdb-entry, x_refsource_SECTRACK)
20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
DSA-3539 (vendor-advisory, x_refsource_DEBIAN)
1035651 (vdb-entry, x_refsource_SECTRACK)
1035636 (vdb-entry, x_refsource_SECTRACK)
1035648 (vdb-entry, x_refsource_SECTRACK)
1035652 (vdb-entry, x_refsource_SECTRACK)
1035637 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-6360?: CVE-2015-6360 is a high-severity vulnerability in Cisco Adaptive_security_appliance_software, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.5/10. Published 2016-04-21.
How severe is CVE-2015-6360?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2015-6360 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.