CVE-2016-6438 — Cisco IOS XE vulnerability

CWE-2645 documents5 sources

Severity

5.9MEDIUMNVD

EPSS

0.4%

top 40.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE

Timeline

PublishedOct 27

Latest updateMay 17

Description

A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected R…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/ios_xe17 versions+16

🔴Vulnerability Details

GHSA

GHSA-65gc-9jw6-hwxx: A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a↗2022-05-17

▶

CVEList

CVE-2016-6438: A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a↗2016-10-27

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2020-6437↗2020-04-07

▶

Cisco

Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability↗2016-10-12

▶