CVE-2016-6423Cisco IOS vulnerability

CWE-3994 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 36.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedOct 5
Latest updateMay 17

Description

The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios15.5\(3\)m

🔴Vulnerability Details

2
GHSA
GHSA-f765-58h8-hwq6: The IKEv2 client and initiator implementations in Cisco IOS 152022-05-17
CVEList
CVE-2016-6423: The IKEv2 client and initiator implementations in Cisco IOS 152016-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability2016-10-05
CVE-2016-6423 — Cisco IOS vulnerability | cvebase