⚠ Actively exploited
Added to CISA KEV on 2023-05-19. Federal agencies required to patch by 2023-06-09. Required action: Apply updates per vendor instructions.
CVE-2016-6415 — Sensitive Information Exposure in Cisco IOS XR
Severity
7.5 HIGH (NVD)
EPSS
93.0%
top 0.22%
CISA KEV
Added 2023-05-19
Due 2023-06-09
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Sep 19
KEV added: May 19
KEV due: Jun 9
CISA Required Action: Apply updates per vendor instructions.
Description
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 3 packages
Vulnerability Details: 3
Exploits & PoCs: 1
Exploit-DB: Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory (2017-03-17)
Detection Rules: 1
Suricata