CVE-2018-15391

CVE-2018-15391: Cisco Remote PHY IPv4 Fragment Denial of Service Vulnerability

Vendor Cisco
Product Cisco Remote PHY
Weakness CWE-399
Published October 5, 2018
Last update November 26, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. The vulnerability is due to the affected software not validating and calculating certain numerical values in IPv4 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending malformed IPv4 traffic to an affected device. A successful exploit could allow the attacker to disrupt the flow of certain IPv4 traffic passing through an affected device, which could result in a DoS condition.

Key dates

02Disclosure timeline

October 5, 2018 CVE published
November 26, 2024 Record updated