Strix
26.1K

CVE-2015-0648

UnknownEPSS 2.12%

Last modified

CVE-2015-0648 is a vulnerability of currently unknown severity. Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.. EPSS estimates a 2.12% chance of exploitation in the next 30 days.

Description

Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.

Metrics

EPSS Probability
2.12%

79.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoIos12.2\(33\)ird1
CiscoIos12.2\(33\)ire3
CiscoIos12.2\(33\)sxi4b
CiscoIos12.2\(44\)ex
CiscoIos12.2\(44\)ex1
CiscoIos12.2\(44\)sq1
CiscoIos12.2\(46\)se
CiscoIos12.2\(46\)se1
CiscoIos12.2\(46\)se2
CiscoIos12.2\(50\)se
CiscoIos12.2\(50\)se1
CiscoIos12.2\(50\)se2
CiscoIos12.2\(50\)se3
CiscoIos12.2\(50\)se4
CiscoIos12.2\(50\)se5
CiscoIos12.2\(52\)se
CiscoIos12.2\(52\)se1
CiscoIos12.2\(55\)se
CiscoIos12.2\(55\)se3
CiscoIos12.2\(55\)se4
CiscoIos12.2\(55\)se5
CiscoIos12.2\(55\)se6
CiscoIos12.2\(55\)se7
CiscoIos12.2\(55\)se8
CiscoIos12.2\(55\)se9
CiscoIos12.2\(58\)se2
CiscoIos12.4\(25e\)jam1
CiscoIos12.4\(25e\)jap1m
CiscoIos12.4\(25e\)jaz1
CiscoIos15.0\(1\)ey
CiscoIos15.0\(1\)ey1
CiscoIos15.0\(1\)ey2
CiscoIos15.0\(2\)eb
CiscoIos15.0\(2\)ed1
CiscoIos15.0\(2\)ey
CiscoIos15.0\(2\)ey1
CiscoIos15.0\(2\)ey2
CiscoIos15.0\(2\)ey3
CiscoIos15.0\(2\)se
CiscoIos15.0\(2\)se1
CiscoIos15.0\(2\)se2
CiscoIos15.0\(2\)se3
CiscoIos15.0\(2\)se4
CiscoIos15.0\(2\)se5
CiscoIos15.0\(2\)se6
CiscoIos15.0\(2\)se7
CiscoIos15.2\(1\)ex
CiscoIos15.2\(1\)ey
CiscoIos15.2\(2\)e
CiscoIos15.2\(2\)e1

Showing 50 of 61 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-0648?
Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.
How severe is CVE-2015-0648?
Severity scoring for CVE-2015-0648 is pending analysis. The EPSS model estimates a 2.12% probability of exploitation in the next 30 days.
How do I fix CVE-2015-0648?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-0648?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST