CVE-2016-1349

CWE-399 | 4 documents | 4 sources
Severity
7.5 HIGH
EPSS
0.7%
top 27.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 26
Latest update May 17

Description

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages | 6 packages

NVD | cisco/ios_xe | 32 versions +31
NVD | netgear/jr6150_firmware | < 2017-01-06
NVD | zyxel/gs1900-10hp_firmware | < 2.50(aazi.0)c0
NVD | sun/opensolaris | snv_124
NVD | samsung/x14j_firmware | t-ms14jakucb-1102.5

🔴 Vulnerability Details

2
GHSA
GHSA-83rc-6xcc-4x2j: The Smart Install client implementation in Cisco IOS 12 | 2022-05-17
CVEList
CVE-2016-1349: The Smart Install client implementation in Cisco IOS 12 | 2016-03-26

📋 Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability | 2016-03-23