cbcvebase.
CVE-2016-6441
published 2016-11-03

CVE-2016-6441: A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of…

PriorityP263critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.90%
91.0th percentile
A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software: 3.17.0S 3.17.1S 3.17.2S 3.18.0S 3.18.1S. More Information: CSCuy15175. Known Affected Releases: 15.6(1)S 15.6(2)S. Known Fixed Releases: 15.6(1)S2.12 15.6(1.17)S0.41 15.6(1.17)SP 15.6(2)SP 16.4(0.183) 16.5(0.10).

Affected

8 ranges
VendorProductVersion rangeFixed in
ciscoasr_900_series_aggregation_services_routers
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe

Detection & IOCsextracted from sources · hover to see the quote

portTL1 port
  • Monitor for malformed/malicious inbound requests to the TL1 port on Cisco ASR 900 Series devices (ASR902, ASR903, ASR907); unexpected device reloads may indicate exploitation attempts.
  • The vulnerability is triggered by incomplete bounds checks on input data; look for oversized or malformed TL1 input payloads targeting ASR 900 series routers.
  • Track Cisco bug ID CSCuy15175 for patch status and additional indicators associated with this vulnerability.
  • ·Affected IOS XE releases are 3.17.0S, 3.17.1S, 3.17.2S, 3.18.0S, and 3.18.1S on ASR902, ASR903, and ASR907 devices; verify device model and software version before applying detections.
  • ·Workarounds exist for this vulnerability in addition to software updates; consult the Cisco advisory for workaround details to reduce exposure of the TL1 port.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.