Improper VTY Session Closure Vulnerability on Cisco ASR 9000 Devices

Improper VTY Session Closure Vulnerability on Cisco ASR 9000 Devices

CVE-2015-4277 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842.

Learn more about our Cis Benchmark Audit For Cisco.