CVE-2016-1351 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation CWE-3994 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco Nx-os

Timeline

PublishedMar 26

Latest updateMay 17

Description

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/ios17 versions+16

▶NVDcisco/nx-os42 versions+41

🔴Vulnerability Details

GHSA

GHSA-6xgf-vfjw-9xmf: The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15↗2022-05-17

▶

CVEList

CVE-2016-1351: The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15↗2016-03-26

▶

📋Vendor Advisories

Cisco

Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability↗2016-03-23

▶