CVE-2016-1428: Double Free in Cisco IOS XE

CWE-399 | 5 documents | 5 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.5% (top 36.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 23
Latest update: May 17

Description

Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

NVD: cisco/ios_xe 3.15.0s, 3.16.0s, 3.17.0s +2

🔴 Vulnerability Details (2)

GHSA: GHSA-8wv6-5hv9-2fh8: Double free vulnerability in Cisco IOS XE 3 (2022-05-17)
CVEList: CVE-2016-1428: Double free vulnerability in Cisco IOS XE 3 (2016-06-23)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XE Software SNMP Subsystem Denial of Service Vulnerability (2016-06-20)

💬 Community (1)

Bugzilla: CVE-2016-4999 Dashbuilder: SQL Injection on data set lookup filters (2016-06-24)