VIR Vulnerability Intelligence Relay

CVE-2015-6273

high
Published 2015-08-29 · Modified 2026-05-06
CVSS v3
CVSS v2
7.8
VIR risk
7.8

Description

Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/viewAlert.x?alertId=40690

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.