CVE-2016-9201: Improper Input Validation in Cisco IOS

Severity: 7.5 HIGH (NVD)
EPSS: 1.3% (top 20.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 14
Latest update: May 17

Description

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: cisco/ios 15.3(3)m3

🔴 Vulnerability Details (2)

GHSA (2022-05-17)
GHSA-rwg4-2f3r-qq47: A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traf
CVEList (2016-12-14)
CVE-2016-9201: A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traf

📋 Vendor Advisories (1)

Cisco (2016-12-07)
Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability