CVE-2016-6398: Sensitive Information Exposure in Cisco IOS

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.3% (top 49.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 12; latest update May 17

Description

The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (1 package)

NVD: cisco/ios 15.5\(3\)m

🔴 Vulnerability Details (2)

GHSA: GHSA-qg58-pgjg-rwwr: The PPTP server in Cisco IOS 15 (2022-05-17)
CVEList: CVE-2016-6398: The PPTP server in Cisco IOS 15 (2016-09-12)

📋 Vendor Advisories (1)

Cisco: Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability (2016-09-02)
CVE-2016-6398 — Sensitive Information Exposure in Cisco | cvebase