CVE-2016-6384 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation CWE-3994 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.0%

top 16.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco IOS XE

Timeline

PublishedOct 5

Latest updateMay 13

Description

Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/ios12.2 — 12.4+1

▶NVDcisco/ios_xe3.1 — 3.17+1

🔴Vulnerability Details

GHSA

GHSA-5ccc-frc7-5rrg: Cisco IOS 12↗2022-05-13

▶

CVEList

CVE-2016-6384: Cisco IOS 12↗2016-10-05

▶

📋Vendor Advisories

Cisco

Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability↗2016-09-28

▶