CVE-2016-1409 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.5HIGHNVD

EPSS

4.9%

top 10.42%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Cisco IOS Cisco IOS XE Cisco IOS XR +1 more

Timeline

PublishedMay 29

Latest updateMay 17

Description

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDcisco/ios4359 versions+4358

▶NVDcisco/nx-os256 versions+255

▶NVDcisco/ios_xe196 versions+195

▶NVDcisco/ios_xr80 versions+79

🔴Vulnerability Details

GHSA

GHSA-mmgr-38w5-mg7v: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2↗2022-05-17

▶

CVEList

CVE-2016-1409: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2↗2016-05-29

▶

VulnCheck

Cisco IOS Software Improper Input Validation↗2016

▶

📋Vendor Advisories

Cisco

Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability↗2016-05-25

▶