ID

VAR-201609-0325


CVE

CVE-2016-6415


TITLE

plural Cisco Product server IKEv1 Vulnerability in the implementation of critical information obtained from device memory

Trust: 0.8

sources: JVNDB: JVNDB-2016-004798

DESCRIPTION

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN. Cisco IOS and so on are all operating systems developed by Cisco. An information disclosure vulnerability exists in the implementation of server IKEv1 in several Cisco products. A remote attacker can use the vulnerability to send sensitive information from the device's memory by sending a SecurityAssociation negotiation request. This issue is being tracked by Cisco Bug IDs CSCvb29204 and CSCvb36055

Trust: 2.61

sources: NVD: CVE-2016-6415 // JVNDB: JVNDB-2016-004798 // CNVD: CNVD-2016-07726 // BID: 93003 // VULHUB: VHN-95235 // VULMON: CVE-2016-6415

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07726

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:eqversion:4.3.x

Trust: 1.4

vendor:ciscomodel:ios xrscope:gteversion:4.3.0

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:15.6

Trust: 1.0

vendor:ciscomodel:iosscope:gteversion:15.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:5.3.0

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:12.4

Trust: 1.0

vendor:ciscomodel:iosscope:gteversion:12.2

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:3.18s

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:5.0.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:lteversion:4.3.4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2 to 12.4

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.0 to 15.6

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:16.1

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:16.2

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:16.3

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.12s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.13s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.14s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.15s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.16s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.17s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.18s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.1s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.2s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.3s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.3sg

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.3xo

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.4s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.4sg

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.5e

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.5s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.6e

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.6s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.7e

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.7s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.8e

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.8s

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.9e

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.9s

Trust: 0.8

vendor:ciscomodel:ios xrscope:eqversion:5.0.x to 5.2.x

Trust: 0.8

vendor:ciscomodel:pix firewall softwarescope:ltversion:7.0

Trust: 0.8

vendor:ciscomodel:ios xrscope:eqversion:5.0.x

Trust: 0.6

vendor:ciscomodel:ios xrscope:eqversion:5.1.x

Trust: 0.6

vendor:ciscomodel:ios xrscope:eqversion:5.2.x

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.3\(4\)t2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(15\)xz2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.3\(7\)xi1c

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)scd7

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.3\(8\)yd1

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(22\)xr2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.3\(14\)t2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.3\(7\)xr4

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(18\)zu2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(22\)yb2

Trust: 0.6

vendor:rockwellmodel:automation stratixscope:eqversion:59000

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:5.1.1

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:4.3.2

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:4.3.1

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:4.3

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:5.2

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:4.3.4

Trust: 0.3

vendor:ciscomodel:ios xescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ios 15.6tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.6spscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.6snscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.6sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.6mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.5tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.5snscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.5sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.5mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.4tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.4syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.4sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.4mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.4cgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.3mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2sniscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2snhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2sngscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2gcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2eyscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2eascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.2escope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1sniscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1snhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1sngscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1sgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1mrascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1mrscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.1gcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0sgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0sescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0mscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0eyscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0ekscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0ejscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0ehscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0edscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4ygscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4yescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4xrscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4xqscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4swscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4mdbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4mdascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4mdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.4gcscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.4

Trust: 0.3

vendor:ciscomodel:ios 12.2zyascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sxiscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sxhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2srescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2srdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sciscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2schscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2scgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2scfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2scescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2scdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2mrbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2iriscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2irgscope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation stratixscope:neversion:590015.6.3

Trust: 0.3

sources: CNVD: CNVD-2016-07726 // BID: 93003 // JVNDB: JVNDB-2016-004798 // CNNVD: CNNVD-201609-342 // NVD: CVE-2016-6415

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6415
value: HIGH

Trust: 1.0

NVD: CVE-2016-6415
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-07726
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201609-342
value: HIGH

Trust: 0.6

VULHUB: VHN-95235
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-6415
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6415
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-07726
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95235
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6415
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-6415
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-07726 // VULHUB: VHN-95235 // VULMON: CVE-2016-6415 // JVNDB: JVNDB-2016-004798 // CNNVD: CNNVD-201609-342 // NVD: CVE-2016-6415

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-95235 // JVNDB: JVNDB-2016-004798 // NVD: CVE-2016-6415

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-342

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201609-342

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004798

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-95235 // VULMON: CVE-2016-6415

PATCH

title:cisco-sa-20160916-ikev1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

Trust: 0.8

title:Patches for multiple Cisco product information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/81503

Trust: 0.6

title:CVE-2016-6415-BenignCertain-Monitorurl:https://github.com/3ndG4me/CVE-2016-6415-BenignCertain-Monitor

Trust: 0.1

title:benigncertainurl:https://github.com/dinosn/benigncertain

Trust: 0.1

title:MS17-010url:https://github.com/oneplus-x/MS17-010

Trust: 0.1

title:Exp101tsArchiv30thersurl:https://github.com/nu11secur1ty/Exp101tsArchiv30thers

Trust: 0.1

title:awesome-cve-poc_qazbnm456url:https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-warns-of-ios-flaw-vulnerable-to-shadowbrokers-attack/120668/

Trust: 0.1

sources: CNVD: CNVD-2016-07726 // VULMON: CVE-2016-6415 // JVNDB: JVNDB-2016-004798

EXTERNAL IDS

db:NVDid:CVE-2016-6415

Trust: 3.5

db:BIDid:93003

Trust: 2.1

db:SECTRACKid:1036841

Trust: 1.8

db:JVNDBid:JVNDB-2016-004798

Trust: 0.8

db:CNNVDid:CNNVD-201609-342

Trust: 0.7

db:CNVDid:CNVD-2016-07726

Trust: 0.6

db:ICS CERTid:ICSA-17-094-04

Trust: 0.4

db:EXPLOIT-DBid:43383

Trust: 0.2

db:SEEBUGid:SSVID-92480

Trust: 0.1

db:VULHUBid:VHN-95235

Trust: 0.1

db:VULMONid:CVE-2016-6415

Trust: 0.1

sources: CNVD: CNVD-2016-07726 // VULHUB: VHN-95235 // VULMON: CVE-2016-6415 // BID: 93003 // JVNDB: JVNDB-2016-004798 // CNNVD: CNNVD-201609-342 // NVD: CVE-2016-6415

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160916-ikev1

Trust: 2.7

url:http://www.securityfocus.com/bid/93003

Trust: 1.8

url:http://www.securitytracker.com/id/1036841

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6415

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6415

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-04

Trust: 0.4

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://github.com/3ndg4me/cve-2016-6415-benigncertain-monitor

Trust: 0.1

url:https://www.exploit-db.com/exploits/43383/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2016-07726 // VULHUB: VHN-95235 // VULMON: CVE-2016-6415 // BID: 93003 // JVNDB: JVNDB-2016-004798 // CNNVD: CNNVD-201609-342 // NVD: CVE-2016-6415

CREDITS

Shadow Brokers

Trust: 0.3

sources: BID: 93003

SOURCES

db:CNVDid:CNVD-2016-07726
db:VULHUBid:VHN-95235
db:VULMONid:CVE-2016-6415
db:BIDid:93003
db:JVNDBid:JVNDB-2016-004798
db:CNNVDid:CNNVD-201609-342
db:NVDid:CVE-2016-6415

LAST UPDATE DATE

2024-11-23T20:16:54.202000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-07726date:2016-09-26T00:00:00
db:VULHUBid:VHN-95235date:2020-06-03T00:00:00
db:VULMONid:CVE-2016-6415date:2020-06-03T00:00:00
db:BIDid:93003date:2017-05-23T16:23:00
db:JVNDBid:JVNDB-2016-004798date:2016-09-21T00:00:00
db:CNNVDid:CNNVD-201609-342date:2020-06-04T00:00:00
db:NVDid:CVE-2016-6415date:2024-11-21T02:56:05.187

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-07726date:2016-09-20T00:00:00
db:VULHUBid:VHN-95235date:2016-09-19T00:00:00
db:VULMONid:CVE-2016-6415date:2016-09-19T00:00:00
db:BIDid:93003date:2016-09-16T00:00:00
db:JVNDBid:JVNDB-2016-004798date:2016-09-21T00:00:00
db:CNNVDid:CNNVD-201609-342date:2016-09-19T00:00:00
db:NVDid:CVE-2016-6415date:2016-09-19T01:59:06.167