CVE-2016-6441Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
3.5%
top 12.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedNov 3
Latest updateMay 17

Description

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software: 3.17.0S 3.17.1S 3.17.2S 3.18.0S 3.18.1S. More Information: CSCuy15175. Known Affected Releases: 15.6(1)S 15.6(2)S. Know

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDcisco/ios_xe7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-g5ff-5f8x-677m: A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a re2022-05-17
CVEList
CVE-2016-6441: A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a re2016-11-03

📋Vendor Advisories

1
Cisco
Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability2016-11-02
CVE-2016-6441 — Cisco IOS XE vulnerability | cvebase