CVE-2016-6466

CWE-3994 documents4 sources

Severity

7.5HIGH

EPSS

0.8%

top 26.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASR 5000 Series Software Cisco Virtualized Packet Core

Timeline

PublishedNov 19

Latest updateMay 17

Description

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/asr_5000_series_software20.0.0, 20.0.2.3, 20.0.2.v1+2

▶NVDcisco/virtualized_packet_core20.0_base

▶CVEListV5cisco_staros_20.0.0_through_21.0.m0.64246Cisco StarOS 20.0.0 through 21.0.M0.64246

🔴Vulnerability Details

GHSA

GHSA-jwp5-v2vg-6xxj: A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all ac↗2022-05-17

▶

CVEList

CVE-2016-6466: A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all ac↗2016-11-19

▶

📋Vendor Advisories

Cisco

Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability↗2016-11-16

▶