Details of VAR-201607-0435

ID

VAR-201607-0435

CVE

CVE-2016-1459

TITLE

Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-003786

DESCRIPTION

Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. This issue is being tracked by Cisco Bug ID CSCuz21061

Trust: 2.52

sources: NVD: CVE-2016-1459 // JVNDB: JVNDB-2016-003786 // CNVD: CNVD-2016-04937 // BID: 91800 // VULHUB: VHN-90278

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-04937

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(1\)m	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)t4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(15\)t17	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(4\)xc7	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(1\)ex	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(19a\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)gc5	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(24\)gc4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(22\)yb2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(3\)t4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 1.4
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(1\)m10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.2s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(4\)gc2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0cs	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(1\)s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.3s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(4\)m10	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(2\)t4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.3s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(1\)m9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)t4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.2s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)m10	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(2\)t3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.0s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)gc3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)sg	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(1\)sy	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0 to 15.5	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13 to 3.17	Trust: 0.8
vendor:	cisco	model:	ios	scope:	gte	version:	15.0<=15.5	Trust: 0.6
vendor:	cisco	model:	ios xe	scope:	gte	version:	3.13<=3.17	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2016-04937 // BID: 91800 // JVNDB: JVNDB-2016-003786 // CNNVD: CNNVD-201607-438 // NVD: CVE-2016-1459

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1459
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1459
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-04937
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201607-438
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90278
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1459
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-04937
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90278
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1459
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-04937 // VULHUB: VHN-90278 // JVNDB: JVNDB-2016-003786 // CNNVD: CNNVD-201607-438 // NVD: CVE-2016-1459

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-90278 // JVNDB: JVNDB-2016-003786 // NVD: CVE-2016-1459

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-438

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201607-438

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003786

PATCH

title:	cisco-sa-20160715-bgp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp	Trust: 0.8
title:	Patch for Cisco IOS and IOSXE Denial of Service Vulnerability (CNVD-2016-04937)	url:	https://www.cnvd.org.cn/patchInfo/show/79226	Trust: 0.6
title:	Cisco IOS and IOS XE Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62980	Trust: 0.6

sources: CNVD: CNVD-2016-04937 // JVNDB: JVNDB-2016-003786 // CNNVD: CNNVD-201607-438

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1459	Trust: 3.4
db:	BID	id:	91800	Trust: 2.0
db:	SECTRACK	id:	1036321	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-003786	Trust: 0.8
db:	CNNVD	id:	CNNVD-201607-438	Trust: 0.7
db:	CNVD	id:	CNVD-2016-04937	Trust: 0.6
db:	VULHUB	id:	VHN-90278	Trust: 0.1

sources: CNVD: CNVD-2016-04937 // VULHUB: VHN-90278 // BID: 91800 // JVNDB: JVNDB-2016-003786 // CNNVD: CNNVD-201607-438 // NVD: CVE-2016-1459

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160715-bgp	Trust: 2.0
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1459	Trust: 1.4
url:	http://www.securityfocus.com/bid/91800	Trust: 1.1
url:	http://www.securitytracker.com/id/1036321	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1459	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2016-04937 // VULHUB: VHN-90278 // BID: 91800 // JVNDB: JVNDB-2016-003786 // CNNVD: CNNVD-201607-438 // NVD: CVE-2016-1459

CREDITS

Cisco

Trust: 0.3

sources: BID: 91800

SOURCES

db:	CNVD	id:	CNVD-2016-04937
db:	VULHUB	id:	VHN-90278
db:	BID	id:	91800
db:	JVNDB	id:	JVNDB-2016-003786
db:	CNNVD	id:	CNNVD-201607-438
db:	NVD	id:	CVE-2016-1459

LAST UPDATE DATE

2024-11-23T22:59:28.240000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-04937	date:	2016-07-19T00:00:00
db:	VULHUB	id:	VHN-90278	date:	2017-09-01T00:00:00
db:	BID	id:	91800	date:	2016-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-003786	date:	2016-07-21T00:00:00
db:	CNNVD	id:	CNNVD-201607-438	date:	2016-07-18T00:00:00
db:	NVD	id:	CVE-2016-1459	date:	2024-11-21T02:46:28.993

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-04937	date:	2016-07-19T00:00:00
db:	VULHUB	id:	VHN-90278	date:	2016-07-17T00:00:00
db:	BID	id:	91800	date:	2016-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-003786	date:	2016-07-21T00:00:00
db:	CNNVD	id:	CNNVD-201607-438	date:	2016-07-18T00:00:00
db:	NVD	id:	CVE-2016-1459	date:	2016-07-17T22:59:03.303