CVE-2016-1378 — Sensitive Information Exposure in Cisco IOS

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 54.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedApr 14

Latest updateMay 17

Description

Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDcisco/ios28 versions+27

🔴Vulnerability Details

GHSA

GHSA-8rhh-c55j-xmhh: Cisco IOS before 15↗2022-05-17

▶

CVEList

CVE-2016-1378: Cisco IOS before 15↗2016-04-14

▶

📋Vendor Advisories

Cisco

Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability↗2016-04-13

▶