CVE-2016-6381Cisco IOS vulnerability

CWE-3994 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.3%
top 20.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Cisco IOSCisco IOS XECisco IOS XE 16.1+3 more
Timeline
PublishedOct 5
Latest updateMay 13

Description

Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDcisco/ios589 versions+588
NVDcisco/ios_xe105 versions+104
NVDcisco/ios_xe_16.116.1.2
NVDcisco/ios_xe_3.3sg3.3.0sg, 3.3.1sg, 3.3.2sg+2
NVDcisco/ios_xe_3.3xo3.3.0xo, 3.3.1xo+1

🔴Vulnerability Details

2
GHSA
GHSA-7v3x-w835-5wrm: Cisco IOS 122022-05-13
CVEList
CVE-2016-6381: Cisco IOS 122016-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability2016-09-28
CVE-2016-6381 — Cisco IOS vulnerability | cvebase