CVE-2016-1399 — Cisco IOS vulnerability

CWE-3995 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco Industrial Ethernet 4000 AND Ethernet 5000 Series Switches Icmp Ipv4 Packet Corr

Timeline

PublishedMay 14

Latest updateMay 13

Description

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶ciscocisco/industrial_ethernet_4000_and_ethernet_5000_series_switches_icmp_ipv4_packet_corr

▶NVDcisco/ios6 versions+5

🔴Vulnerability Details

GHSA

GHSA-2q64-fx5h-2j6c: The packet-processing microcode in Cisco IOS 15↗2022-05-13

▶

📋Vendor Advisories

CISA ICS

Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption Vulnerability↗2018-08-23

▶

Cisco

Cisco Industrial Ethernet 4000 and Ethernet 5000 Series Switches ICMP IPv4 Packet Corruption Vulnerability↗2016-05-13

▶

Cisco

Cisco Industrial Ethernet 4000 and Ethernet 5000 Series Switches ICMP IPv4 Packet Corruption Vulnerability↗

▶