CVE-2016-6386Cisco IOS XE vulnerability

CWE-3994 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 26.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Cisco IOS XECisco IOS XE 16.1Cisco IOS XE 3.2ja+3 more
Timeline
PublishedOct 5
Latest updateMay 13

Description

Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDcisco/ios_xe118 versions+117
NVDcisco/ios_xe_16.116.1.2
NVDcisco/ios_xe_3.2ja3.2.0ja
NVDcisco/ios_xe_3.3sg3.3.0sg, 3.3.1sg, 3.3.2sg+2
NVDcisco/ios_xe_3.3xo3.3.0xo, 3.3.1xo, 3.3.2xo+2

🔴Vulnerability Details

2
GHSA
GHSA-hrr9-53wq-6vh5: Cisco IOS XE 32022-05-13
CVEList
CVE-2016-6386: Cisco IOS XE 32016-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software IP Fragment Reassembly Denial of Service Vulnerability2016-09-28
CVE-2016-6386 — Cisco IOS XE vulnerability | cvebase