Details of VAR-201605-0407

ID

VAR-201605-0407

CVE

CVE-2016-1399

TITLE

Cisco Industrial Ethernet 4000 and 5000 Run on device Cisco IOS Service disruption in future packet processing microcode (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002740

DESCRIPTION

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431. The CiscoIOSon Industrial Ethernet (IE) 4000 and the Industrial Ethernet (IE) 5000 are Cisco Systems' operating systems running on Cisco IE4000 and 5000 Series switches. There is a security hole in the packet-processing microcode in Cisco IOS on Cisco IE4000 and IE5000. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuy13431

Trust: 2.52

sources: NVD: CVE-2016-1399 // JVNDB: JVNDB-2016-002740 // CNVD: CNVD-2016-03253 // BID: 90665 // VULHUB: VHN-90218

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-03253

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)eb	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)ea1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)ea	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)eb1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)ea	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)ea2	Trust: 1.6
vendor:	cisco	model:	ios 15.2 ea	scope:	eq	version:	4000	Trust: 1.2
vendor:	cisco	model:	ios	scope:	eq	version:	15.2(2)ea (industrial ethernet 4000)	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.2(2)ea1 (industrial ethernet 4000)	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.2(2)ea2 (industrial ethernet 4000)	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.2(2)eb (industrial ethernet 5000)	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.2(2)eb1 (industrial ethernet 5000)	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.2(4)ea (industrial ethernet 4000)	Trust: 0.8
vendor:	cisco	model:	ios 15.2 ea1	scope:	eq	version:	4000	Trust: 0.6
vendor:	cisco	model:	ios 15.2 ea2	scope:	eq	version:	4000	Trust: 0.6
vendor:	cisco	model:	ios 15.2 eb	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	ios 15.2 eb1	scope:	eq	version:	5000	Trust: 0.6

sources: CNVD: CNVD-2016-03253 // JVNDB: JVNDB-2016-002740 // CNNVD: CNNVD-201605-394 // NVD: CVE-2016-1399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1399
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1399
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-03253
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201605-394
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90218
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1399
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-03253
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90218
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1399
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-03253 // VULHUB: VHN-90218 // JVNDB: JVNDB-2016-002740 // CNNVD: CNNVD-201605-394 // NVD: CVE-2016-1399

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-90218 // JVNDB: JVNDB-2016-002740 // NVD: CVE-2016-1399

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-394

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201605-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002740

PATCH

title:	cisco-sa-20160513-ies	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160513-ies	Trust: 0.8
title:	Patch for CiscoIndustrialEthernet4000 and Ethernet5000IOS Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/76048	Trust: 0.6
title:	Cisco Industrial Ethernet 4000 and Ethernet 5000 IOS Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61710	Trust: 0.6

sources: CNVD: CNVD-2016-03253 // JVNDB: JVNDB-2016-002740 // CNNVD: CNNVD-201605-394

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1399	Trust: 3.4
db:	ICS CERT	id:	ICSA-16-175-01	Trust: 2.8
db:	BID	id:	90665	Trust: 2.0
db:	SECTRACK	id:	1035898	Trust: 1.7
db:	JVNDB	id:	JVNDB-2016-002740	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-394	Trust: 0.7
db:	CNVD	id:	CNVD-2016-03253	Trust: 0.6
db:	VULHUB	id:	VHN-90218	Trust: 0.1

sources: CNVD: CNVD-2016-03253 // VULHUB: VHN-90218 // BID: 90665 // JVNDB: JVNDB-2016-002740 // CNNVD: CNNVD-201605-394 // NVD: CVE-2016-1399

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-175-01	Trust: 2.8
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160513-ies	Trust: 2.6
url:	http://www.securityfocus.com/bid/90665	Trust: 1.7
url:	http://www.securitytracker.com/id/1035898	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1399	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1399	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-03253 // VULHUB: VHN-90218 // BID: 90665 // JVNDB: JVNDB-2016-002740 // CNNVD: CNNVD-201605-394 // NVD: CVE-2016-1399

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 90665

SOURCES

db:	CNVD	id:	CNVD-2016-03253
db:	VULHUB	id:	VHN-90218
db:	BID	id:	90665
db:	JVNDB	id:	JVNDB-2016-002740
db:	CNNVD	id:	CNNVD-201605-394
db:	NVD	id:	CVE-2016-1399

LAST UPDATE DATE

2024-11-23T22:01:32.327000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-03253	date:	2016-05-18T00:00:00
db:	VULHUB	id:	VHN-90218	date:	2016-12-01T00:00:00
db:	BID	id:	90665	date:	2016-07-06T15:06:00
db:	JVNDB	id:	JVNDB-2016-002740	date:	2016-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201605-394	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2016-1399	date:	2024-11-21T02:46:22.233

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-03253	date:	2016-05-18T00:00:00
db:	VULHUB	id:	VHN-90218	date:	2016-05-14T00:00:00
db:	BID	id:	90665	date:	2016-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-002740	date:	2016-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201605-394	date:	2016-05-16T00:00:00
db:	NVD	id:	CVE-2016-1399	date:	2016-05-14T01:59:01.420