Strix
26.1K

CVE-2015-6360

UnknownEPSS 8.28%

Last modified

CVE-2015-6360 is a vulnerability of currently unknown severity. The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.. EPSS estimates a 8.28% chance of exploitation in the next 30 days.

Description

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

Metrics

EPSS Probability
8.28%

94.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoIos Xe3.10s_3.10.0s
CiscoIos Xe3.10s_3.10.1s
CiscoIos Xe3.10s_3.10.1xbs
CiscoIos Xe3.10s_3.10.2s
CiscoIos Xe3.10s_3.10.2ts
CiscoIos Xe3.10s_3.10.4s
CiscoIos Xe3.10s_3.10.5s
CiscoIos Xe3.10s_3.10.6s
CiscoIos Xe3.10s_3.10.7s
CiscoIos Xe3.11s_3.11.0s
CiscoIos Xe3.11s_3.11.1s
CiscoIos Xe3.11s_3.11.2s
CiscoIos Xe3.11s_3.11.3s
CiscoIos Xe3.11s_3.11.4s
CiscoIos Xe3.13s_3.13.0s
CiscoIos Xe3.13s_3.13.1s
CiscoIos Xe3.13s_3.13.4s
CiscoIos Xe3.14s_3.14.0s
CiscoIos Xe3.15s_3.15.1s
CiscoIos Xe3.15s_3.15.2s
CiscoWebex Meeting Centerbase
CiscoDx Series Ip Phones Firmware9.3\(2\)
CiscoIp Phone 7800 Series Firmware10.3\(1\)
CiscoIp Phone 8800 Series Firmware10.3\(2\)
CiscoIp Phone 8800 Series Firmware11.0\(1\)
CiscoUnified Ip Phone 6900 Series Firmware9.3\(2\)
CiscoUnified Ip Phone 7900 Series Firmware9.9\(9.99001.1\)
CiscoUnified Ip Phone 7900 Series Firmware9.9_base
CiscoUnified Ip Phone 8900 Series Firmware9.0\(1\)sr1
CiscoUnified Ip Phone 8900 Series Firmware9.0\(3\)
CiscoUnified Ip Phone 8900 Series Firmware9.0\(4\)
CiscoUnified Ip Phone 8900 Series Firmware9.1\(1\)sr1
CiscoUnified Ip Phone 8900 Series Firmware9.1\(2\)
CiscoUnified Ip Phone 8900 Series Firmware9.2\(1\)
CiscoUnified Ip Phone 8900 Series Firmware9.2\(2\)
CiscoUnified Ip Phone 8900 Series Firmware9.2\(2\)sr1
CiscoUnified Ip Phone 8900 Series Firmware9.2\(3\)
CiscoUnified Ip Phone 8900 Series Firmware9.2\(4\)
CiscoUnified Ip Phone 8900 Series Firmware9.3\(1\)
CiscoUnified Ip Phone 8900 Series Firmware9.3\(2\)
CiscoUnified Ip Phone 8900 Series Firmware9.3\(2\)sr1
CiscoUnified Ip Phone 8900 Series Firmware9.3\(4\)
CiscoUnified Ip Phone 8900 Series Firmware9.4\(1\)
CiscoUnified Ip Phone 8900 Series Firmware9.4\(1\)sr1
CiscoUnified Ip Phone 8900 Series Firmware9.4\(2\)
CiscoUnified Wireless Ip Phone 7920 Firmware1.0\(5\)
CiscoUnified Wireless Ip Phone 7920 Firmware1.0\(6\)
CiscoUnified Wireless Ip Phone 7920 Firmware1.0\(7\)
CiscoUnified Wireless Ip Phone 7920 Firmware1.0\(8\)
CiscoUnified Wireless Ip Phone 7920 Firmware1.0\(9\)

Showing 50 of 291 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-6360?
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
How severe is CVE-2015-6360?
Severity scoring for CVE-2015-6360 is pending analysis. The EPSS model estimates a 8.28% probability of exploitation in the next 30 days.
How do I fix CVE-2015-6360?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-6360?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST