ID
VAR-201603-0293
CVE
CVE-2016-1349
TITLE
Cisco IOS and IOS XE of Smart Install Service disruption in client implementation (DoS) Vulnerabilities
Trust: 0.8
sources:
JVNDB: JVNDB-2016-001910
DESCRIPTION
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. This issue is being tracked by Cisco Bug ID CSCuv45410. The following products and versions are affected: Cisco IOS Release 12.2, Release 15.0, Release 15.2, IOS XE Release 3.2 through Release 3.7
Trust: 2.52
sources:
NVD: CVE-2016-1349 //
JVNDB: JVNDB-2016-001910 //
CNVD: CNVD-2016-01900 //
BID: 85308 //
VULHUB: VHN-90168
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-01900
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4sg_3.4.3sg | Trust: 1.0 |
| vendor: | zyxel | model: | gs1900-10hp | scope: | lt | version: | 2.50\(aazi.0\)c0 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.7e_3.7.0e | Trust: 1.0 |
| vendor: | netgear | model: | jr6150 | scope: | lt | version: | 2017-01-06 | Trust: 1.0 |
| vendor: | samsung | model: | x14j | scope: | eq | version: | t-ms14jakucb-1102.5 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.7e_3.7.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5e_3.5.0e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3xo_3.3.0xo | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3xo_3.3.1xo | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3se_3.3.2se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2se_3.2.3se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4sg_3.4.5sg | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6e_3.6.2e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4sg_3.4.6sg | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3se_3.3.4se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4sg_3.4.0sg | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5e_3.5.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2se_3.2.2se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3se_3.3.3se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6e_3.6.0e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2se_3.2.0se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.7e_3.7.2e | Trust: 1.0 |
| vendor: | intel | model: | core i5-9400f | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4sg_3.4.4sg | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5e_3.5.3e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6e_3.6.2ae | Trust: 1.0 |
| vendor: | zzinc | model: | keymouse | scope: | eq | version: | 3.08 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2se_3.2.1se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5e_3.5.2e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4sg_3.4.2sg | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3xo_3.3.2xo | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.4sg_3.4.1sg | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6e_3.6.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3se_3.3.1se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2ja_3.2.0ja | Trust: 1.0 |
| vendor: | sun | model: | opensolaris | scope: | eq | version: | snv_124 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3se_3.3.0se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.3se_3.3.5se | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2 | Trust: 0.8 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.0 | Trust: 0.8 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.2 | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2 to 3.7 | Trust: 0.8 |
| vendor: | cisco | model: | ios xe software | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(35\\\)se4 | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(25\\\)seg3 | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(52\\\)ex1 | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(44\\\)se5 | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(58\\\)se2 | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(25\\\)sed1 | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(50\\\)se4 | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(25\\\)seg6 | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(55\\\)ez | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2\\\(50\\\)se | Trust: 0.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 0 | Trust: 0.3 |
sources:
CNVD: CNVD-2016-01900 //
BID: 85308 //
JVNDB: JVNDB-2016-001910 //
CNNVD: CNNVD-201603-359 //
NVD: CVE-2016-1349
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2016-01900 //
VULHUB: VHN-90168 //
JVNDB: JVNDB-2016-001910 //
CNNVD: CNNVD-201603-359 //
NVD: CVE-2016-1349
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.9 |
sources:
VULHUB: VHN-90168 //
JVNDB: JVNDB-2016-001910 //
NVD: CVE-2016-1349
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201603-359
TYPE
resource management error
Trust: 0.6
sources:
CNNVD: CNNVD-201603-359
CONFIGURATIONS
sources:
JVNDB: JVNDB-2016-001910
PATCH
| title: | cisco-sa-20160323-smi | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi | Trust: 0.8 |
| title: | cisco-sa-20160323-smi | url: | http://www.cisco.com/cisco/web/support/JP/113/1136/1136608_cisco-sa-20160323-smi-j.html | Trust: 0.8 |
| title: | Patch for CiscoIOS and IOSXESoftwareSmartInstallclient Denial of Service Vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/73294 | Trust: 0.6 |
| title: | Cisco IOS and IOS XE Software Smart Install client Fixes for feature denial of service vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60684 | Trust: 0.6 |
sources:
CNVD: CNVD-2016-01900 //
JVNDB: JVNDB-2016-001910 //
CNNVD: CNNVD-201603-359
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-1349 | Trust: 3.4 |
| db: | SECTRACK | id: | 1035385 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-001910 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201603-359 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-01900 | Trust: 0.6 |
| db: | BID | id: | 85308 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-90168 | Trust: 0.1 |
sources:
CNVD: CNVD-2016-01900 //
VULHUB: VHN-90168 //
BID: 85308 //
JVNDB: JVNDB-2016-001910 //
CNNVD: CNNVD-201603-359 //
NVD: CVE-2016-1349
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160323-smi | Trust: 2.3 |
| url: | http://www.securitytracker.com/id/1035385 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1349 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1349 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html | Trust: 0.3 |
sources:
CNVD: CNVD-2016-01900 //
VULHUB: VHN-90168 //
BID: 85308 //
JVNDB: JVNDB-2016-001910 //
CNNVD: CNNVD-201603-359 //
NVD: CVE-2016-1349
CREDITS
Tenable Network Security.
Trust: 0.3
sources:
BID: 85308
SOURCES
| db: | CNVD | id: | CNVD-2016-01900 |
| db: | VULHUB | id: | VHN-90168 |
| db: | BID | id: | 85308 |
| db: | JVNDB | id: | JVNDB-2016-001910 |
| db: | CNNVD | id: | CNNVD-201603-359 |
| db: | NVD | id: | CVE-2016-1349 |
LAST UPDATE DATE
2024-11-23T22:13:19.999000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-01900 | date: | 2016-03-28T00:00:00 |
| db: | VULHUB | id: | VHN-90168 | date: | 2016-12-03T00:00:00 |
| db: | BID | id: | 85308 | date: | 2016-03-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-001910 | date: | 2016-03-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-201603-359 | date: | 2016-03-28T00:00:00 |
| db: | NVD | id: | CVE-2016-1349 | date: | 2024-11-21T02:46:14.013 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-01900 | date: | 2016-03-26T00:00:00 |
| db: | VULHUB | id: | VHN-90168 | date: | 2016-03-26T00:00:00 |
| db: | BID | id: | 85308 | date: | 2016-03-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-001910 | date: | 2016-03-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-201603-359 | date: | 2016-03-24T00:00:00 |
| db: | NVD | id: | CVE-2016-1349 | date: | 2016-03-26T01:59:03.120 |