CVE-2016-6380 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.1HIGHNVD

EPSS

1.7%

top 17.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco IOS XE Cisco IOS XE 3.2ja +3 more

Timeline

PublishedOct 5

Latest updateMay 13

Description

The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages6 packages

▶NVDcisco/ios3205 versions+3204

▶NVDcisco/ios_xe114 versions+113

▶NVDcisco/ios_xe_3.2ja3.2.0ja

▶NVDcisco/ios_xe_3.3sg3.3.0sg, 3.3.1sg, 3.3.2sg+2

▶NVDcisco/ios_xe_3.3xo3.3.0xo, 3.3.1xo, 3.3.2xo+2

🔴Vulnerability Details

GHSA

GHSA-j746-pcj4-2946: The DNS forwarder in Cisco IOS 12↗2022-05-13

▶

CVEList

CVE-2016-6380: The DNS forwarder in Cisco IOS 12↗2016-10-05

▶

📋Vendor Advisories

Cisco

Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability↗2016-09-28

▶