Details of VAR-201603-0294

ID

VAR-201603-0294

CVE

CVE-2016-1350

TITLE

Cisco IOS and Unified Communications Manager Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-001911

DESCRIPTION

Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. Vendors have confirmed this vulnerability Bug ID CSCuj23293 It is released as.Malformed by a third party SIP Service disruption via message ( Device reload ) There is a possibility of being put into a state. An attacker can exploit this issue to cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCuj23293 and CSCuv39370. Session Initiation Protocol (SIP) is one of the session initiation protocols. There are security vulnerabilities in the SIP protocol of several Cisco products. The following products and versions are affected: Cisco IOS Release 15.3, Release 15.4, IOS XE Release 3.8 to Release 3.11, CUCM Release 8.x, Release 9.x, Release 10.x, Release 11.x

Trust: 1.98

sources: NVD: CVE-2016-1350 // JVNDB: JVNDB-2016-001911 // BID: 85372 // VULHUB: VHN-90169

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.0as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.2s	Trust: 1.0
vendor:	zyxel	model:	gs1900-10hp	scope:	lt	version:	2.50\(aazi.0\)c0	Trust: 1.0
vendor:	lenovo	model:	thinkcentre e75s	scope:	lt	version:	m16kt61a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1xbs	Trust: 1.0
vendor:	zzinc	model:	keymouse	scope:	eq	version:	3.08	Trust: 1.0
vendor:	samsung	model:	x14j	scope:	eq	version:	t-ms14jakucb-1102.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.1s	Trust: 1.0
vendor:	sun	model:	opensolaris	scope:	eq	version:	snv_124	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.2s	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	11.x	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.0(1)su1	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	10.x	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8 to 3.11	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5(2)su3	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.x	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	9.x	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1(2)su4	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.4	Trust: 0.8
vendor:	cisco	model:	unified communications manager 8.0 su1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 8.0	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\\\(2\\\)s0a	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\\\(1\\\)t2	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\\\(2\\\)t	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\\\(2\\\)t1	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\\\(2\\\)s2	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\\\(1\\\)t	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\\\(1\\\)t	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\\\(1\\\)t1	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\\\(2\\\)t2	Trust: 0.6
vendor:	rockwell	model:	automation stratix	scope:	eq	version:	59000	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.2	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1.(2.10000.28)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager be3k	scope:	eq	version:	8.6(4)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6(4)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.6 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.4	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.0 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(0.98000.106)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5(0.98000.480)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.0(0.98000.225)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5(0.98000.88)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5(1.98991.13)	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3
vendor:	rockwell	model:	automation stratix	scope:	ne	version:	590015.6.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager 9.1 su4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 11.0 su1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 10.5 su3	scope:	ne	version:	-	Trust: 0.3

sources: BID: 85372 // JVNDB: JVNDB-2016-001911 // CNNVD: CNNVD-201603-356 // NVD: CVE-2016-1350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1350
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1350
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201603-356
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90169
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1350
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90169
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1350
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90169 // JVNDB: JVNDB-2016-001911 // CNNVD: CNNVD-201603-356 // NVD: CVE-2016-1350

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-90169 // JVNDB: JVNDB-2016-001911 // NVD: CVE-2016-1350

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-356

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201603-356

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001911

PATCH

title:	cisco-sa-20160323-sip	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip	Trust: 0.8
title:	cisco-sa-20160323-sip	url:	http://www.cisco.com/cisco/web/support/JP/113/1136/1136603_cisco-sa-20160323-sip-j.html	Trust: 0.8
title:	Multiple Cisco product Session Initiation Protocol Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60681	Trust: 0.6

sources: JVNDB: JVNDB-2016-001911 // CNNVD: CNNVD-201603-356

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1350	Trust: 2.8
db:	BID	id:	85372	Trust: 1.4
db:	SECTRACK	id:	1035420	Trust: 1.1
db:	SECTRACK	id:	1035421	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001911	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-356	Trust: 0.7
db:	ICS CERT	id:	ICSA-17-094-04	Trust: 0.3
db:	VULHUB	id:	VHN-90169	Trust: 0.1

sources: VULHUB: VHN-90169 // BID: 85372 // JVNDB: JVNDB-2016-001911 // CNNVD: CNNVD-201603-356 // NVD: CVE-2016-1350

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160323-sip	Trust: 1.7
url:	http://www.securityfocus.com/bid/85372	Trust: 1.1
url:	http://www.securitytracker.com/id/1035420	Trust: 1.1
url:	http://www.securitytracker.com/id/1035421	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1350	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1350	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-094-04	Trust: 0.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160323-sip	Trust: 0.3

sources: VULHUB: VHN-90169 // BID: 85372 // JVNDB: JVNDB-2016-001911 // CNNVD: CNNVD-201603-356 // NVD: CVE-2016-1350

CREDITS

Cisco

Trust: 0.3

sources: BID: 85372

SOURCES

db:	VULHUB	id:	VHN-90169
db:	BID	id:	85372
db:	JVNDB	id:	JVNDB-2016-001911
db:	CNNVD	id:	CNNVD-201603-356
db:	NVD	id:	CVE-2016-1350

LAST UPDATE DATE

2024-11-23T20:57:42.480000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90169	date:	2017-05-12T00:00:00
db:	BID	id:	85372	date:	2017-05-23T16:23:00
db:	JVNDB	id:	JVNDB-2016-001911	date:	2016-03-29T00:00:00
db:	CNNVD	id:	CNNVD-201603-356	date:	2016-03-28T00:00:00
db:	NVD	id:	CVE-2016-1350	date:	2024-11-21T02:46:14.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90169	date:	2016-03-26T00:00:00
db:	BID	id:	85372	date:	2016-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2016-001911	date:	2016-03-29T00:00:00
db:	CNNVD	id:	CNNVD-201603-356	date:	2016-03-24T00:00:00
db:	NVD	id:	CVE-2016-1350	date:	2016-03-26T01:59:04.090