What is CVE-2015-6432?

CVE-2015-6432 is a high-severity vulnerability in Cisco Ios_xr, classified under CWE-399. CVSS score: 7.5/10. Published 2016-01-05.

How severe is CVE-2015-6432?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2015-6432 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cisco Ios_xr

CVE-2015-6432

Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of s…

EPSS: 0.009 (76.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cisco Ios_xr — versions 4.2.0, 4.3.0, 5.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

Farrhouq/Inpt-report

References

1034570 (vdb-entry, x_refsource_SECTRACK)
20160104 Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2015-6432?: CVE-2015-6432 is a high-severity vulnerability in Cisco Ios_xr, classified under CWE-399. CVSS score: 7.5/10. Published 2016-01-05.
How severe is CVE-2015-6432?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2015-6432 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.