Critical Vulnerability Information

Vulnerability Overview

CVE ID: CVE-2015-6874
Severity Score: 9.8 (CVSS v3)
Affected Products: Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software
Vulnerability Type: Remote Code Execution vulnerability in TWAMP Server functionality

Affected Scope

Affected Products:
- Cisco IOS Software: Versions 15.2(4)M2 and earlier, as well as 17.3.3 and earlier (only when the debug command is enabled)
- Cisco IOS XE Software: Versions 16.6.1 to 17.2.3 (only when the debug command is enabled)
- Cisco IOS XR Software: All versions (only when the debug command is enabled)

Vulnerability Details

Description: Attackers can trigger a buffer overflow by crafting malicious TWAMP control messages, leading to device reboot or denial of service.
Exploitation Conditions: Requires TWAMP server functionality to be enabled and specific debug command activated.

Mitigation and Solution

Patch Release: Cisco has released updated software to address this vulnerability. Customers are advised to upgrade to the latest versions as soon as possible.
Configuration Check: Use commands and to verify TWAMP server configuration and debug status.

Additional Information

Advisory Date: May 7, 2020
Source: Discovered during internal security testing
Related Link: Cisco Security Advisory