CVE-2016-1333 — Regex Denial of Service in Cisco IOS

CWE-399 CWE-1333 — Regex Denial of Service7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 36.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Salesforce Tough-cookie Tibco Hawk Cisco IOS

Timeline

PublishedFeb 17

Latest updateMay 17

Description

Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OIDs, aka Bug ID CSCux89878.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/ios15.5\(3\)m, 15.6\(1\)t0a+1

▶npmtibco/hawk4.0.0 — 4.1.1+1

▶npmsalesforce/tough-cookie< 2.3.0

🔴Vulnerability Details

GHSA

GHSA-2hgh-fw5m-38cf: Cisco IOS 15↗2022-05-17

▶

GHSA

ReDoS via long string of semicolons in tough-cookie↗2018-10-10

▶

GHSA

Regular Expression Denial of Service in hawk↗2018-07-31

▶

GHSA

Regular Expression Denial of Service in is-my-json-valid↗2017-10-24

▶

CVEList

CVE-2016-1333: Cisco IOS 15↗2016-02-17

▶

📋Vendor Advisories

Cisco

Cisco 1000 Series Connected Grid Routers SNMP BRIDGE MIB Denial of Service Vulnerability↗2016-02-17

▶