Published: 23/06/2015 Updated: 28/12/2016
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote malicious users to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885.

Vendor Advisories

A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a standby Performance Routing Engine (PRE) to leak a small portion of memory on a targeted system, resulting in a denial of service (DoS) condition The vulnerability is due to a failure to free a portion of memory allocate ...