CVE-2016-6473Injection in Cisco IOS

CWE-74InjectionCWE-3994 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS
Timeline
PublishedDec 14
Latest updateMay 17

Description

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux07028. Known Affected Releases: 15.2(3)E. Known Fixed Releases: 12.2(50)SE4 12.2(50)SE5 12.2(50)SQ5 12.2(50)SQ6 12.2(50)SQ7 12.2(52)EY4 12.2(52)SE1 12.2(53)EX 12.2(53)SE 12.2(53)SE1 12.2(53)SE2 12.2(53)SG10 12.2(53)SG11 12.2(53)SG2 12.2(53)SG9 12.2(54)SG1 12.2(55)EX3 12.2(55)SE 12.2(55)SE1 12.2(55)S

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios7 versions+6
CVEListV5cisco/cisco_iosCisco IOS

🔴Vulnerability Details

2
GHSA
GHSA-cmgm-hrg8-r7v6: A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 22022-05-17
CVEList
CVE-2016-6473: A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 22016-12-14

📋Vendor Advisories

1
Cisco
Cisco IOS Frame Forwarding Denial of Service Vulnerability2016-12-07
CVE-2016-6473 — Injection in Cisco IOS | cvebase