ID
VAR-201608-0219
CVE
CVE-2016-6355
TITLE
Cisco ASR 9001 Run on device Cisco IOS XR Denial of service in Japan (DoS) Vulnerability
Trust: 0.8
DESCRIPTION
Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. Vendors report this vulnerability Bug ID CSCux26791 Published as.Denial of service via a specially crafted fragmented packet by a third party ( Stop control plane protocol ) May be in a state. Cisco IOSXR Software is a fully modular, distributed network operating system from Cisco's IOS software family, including IOST, IOSS, and IOSXR. A remote denial of service vulnerability exists in Cisco IOSXR Software Releases 5.1.x, 5.2.x, and 5.3.x. An attacker could exploit the vulnerability to compromise memory on the affected router, causing a denial of service. This issue is being tracked by Cisco Bug ID CSCux26791
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.1.1 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.2.5 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.2.4 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.2.0 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.1.2 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.1.3 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.3.1 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.2.3 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.1.0 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.3.2 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.2.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.2.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.1.1.k9sec | Trust: 1.0 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.3.0 | Trust: 1.0 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.1.3 for up to 5.1.x | Trust: 0.8 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.2.5 for up to 5.2.x | Trust: 0.8 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 5.3.2 for up to 5.3.x | Trust: 0.8 |
| vendor: | cisco | model: | ios xr software releases | scope: | eq | version: | 5.1.x | Trust: 0.6 |
| vendor: | cisco | model: | ios xr software releases | scope: | eq | version: | 5.2.x | Trust: 0.6 |
| vendor: | cisco | model: | ios xr software releases | scope: | eq | version: | 5.3.x | Trust: 0.6 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.3.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.2.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.2.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.2.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.1.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.1.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.3.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.1.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.1.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr software | scope: | eq | version: | 5.1 | Trust: 0.3 |
| vendor: | cisco | model: | asr aggregation services router | scope: | eq | version: | 90010 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20160810-iosxr | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr | Trust: 0.8 |
| title: | Patch for Cisco IOSXRSoftware Remote Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/80408 | Trust: 0.6 |
| title: | Cisco IOS XR Software Remediation measures for remote denial of service vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63609 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-6355 | Trust: 3.4 |
| db: | BID | id: | 92399 | Trust: 2.6 |
| db: | SECTRACK | id: | 1036585 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-004442 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201608-220 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-06305 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-95175 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/92399 | Trust: 2.3 |
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160810-iosxr | Trust: 2.0 |
| url: | http://www.securitytracker.com/id/1036585 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6355 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6355 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2016-06305 |
| db: | VULHUB | id: | VHN-95175 |
| db: | BID | id: | 92399 |
| db: | JVNDB | id: | JVNDB-2016-004442 |
| db: | CNNVD | id: | CNNVD-201608-220 |
| db: | NVD | id: | CVE-2016-6355 |
LAST UPDATE DATE
2024-11-23T23:12:35.549000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-06305 | date: | 2016-08-12T00:00:00 |
| db: | VULHUB | id: | VHN-95175 | date: | 2016-11-28T00:00:00 |
| db: | BID | id: | 92399 | date: | 2016-08-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-004442 | date: | 2016-08-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201608-220 | date: | 2016-08-24T00:00:00 |
| db: | NVD | id: | CVE-2016-6355 | date: | 2024-11-21T02:55:58.020 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-06305 | date: | 2016-08-12T00:00:00 |
| db: | VULHUB | id: | VHN-95175 | date: | 2016-08-23T00:00:00 |
| db: | BID | id: | 92399 | date: | 2016-08-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-004442 | date: | 2016-08-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201608-220 | date: | 2016-08-11T00:00:00 |
| db: | NVD | id: | CVE-2016-6355 | date: | 2016-08-23T02:11:03.007 |