Cisco ASR 5000 PMIPv6 Denial of Service Vulnerability (CVE-2015-6340)
Cisco ASR 5000 PMIPv6 Denial of Service Vulnerability (CVE-2015-6340)
Release date:
Updated on:
Affected Systems:
Cisco ASR 5000 19.0.M0.60737
Description:
CVE (CAN) ID: CVE-2015-6340
The Cisco ASR 5000 series is a carrier-level platform for deploying high-demand 3G networks and migrating to long-term evolution (LTE) networks.
In the Cisco ASR 5000 19.0.M0.60737 software version, the PMIPv6 component has a security vulnerability in CDMA implementation. Remote attackers use the header constructed in the PMIPv6 packet, this vulnerability can cause DoS (hamgr process restart ).
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20151016-asrcdma) and patches for this:
Cisco-sa-20151016-asrcdma: Cisco ASR 5000 CDMA PMIpv6 Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma
This article permanently updates the link address: