ID

VAR-201610-0265


CVE

CVE-2016-6393


TITLE

Denial of Service (DoS) Vulnerability in the AAA Service of Cisco IOS and IOS XE

Trust: 0.8

sources: JVNDB: JVNDB-2016-005157

DESCRIPTION

The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667. Cisco IOS and IOS XE Software are both operating systems developed by Cisco for its network devices. Authentication, Authorization and Accounting (AAA) is one of their service modules; it processes computer resources and user requirements and provides authentication and authorization for enterprises. This issue is being tracked by Cisco Bug ID CSCuy87667.

Trust: 2.52

sources: NVD: CVE-2016-6393 // JVNDB: JVNDB-2016-005157 // CNVD: CNVD-2016-08394 // BID: 93196 // VULHUB: VHN-95213

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-08394

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.2

Trust: 1.8

vendor: cisco, model: ios, scope: lte, version: 15.6

Trust: 1.0

vendor: cisco, model: ios, scope: lte, version: 12.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: lte, version: 3.18.0

Trust: 1.0

vendor: cisco, model: ios, scope: gte, version: 12.0

Trust: 1.0

vendor: cisco, model: ios, scope: gte, version: 15.0

Trust: 1.0

vendor: cisco, model: ios xe, scope: gte, version: 2.1.0

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0 to 12.4

Trust: 0.8

vendor: cisco, model: ios, scope: eq, version: 15.0 to 15.6

Trust: 0.8

vendor: cisco, model: ios xe, scope: eq, version: 2.1 to 3.18

Trust: 0.8

vendor: cisco, model: ios, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios xe software, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 12.1(5)yg

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 12.1(5)yh

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 15.1(2)sg2

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 15.1(1)sy5

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 12.1(5)yh3

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 15.1(3)sve

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 15.2(5)st

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 3.4.2sg

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 12.4(15)xy

Trust: 0.6

vendor: cisco, model: ios, scope: eq, version: 15.0(1r)m1

Trust: 0.6

vendor: rockwell, model: automation stratix, scope: eq, version: 59000

Trust: 0.3

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 0

Trust: 0.3

vendor: rockwell, model: automation stratix, scope: ne, version: 590015.6.3

Trust: 0.3

sources: CNVD: CNVD-2016-08394 // BID: 93196 // JVNDB: JVNDB-2016-005157 // CNNVD: CNNVD-201609-647 // NVD: CVE-2016-6393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6393
value: HIGH

Trust: 1.0

NVD: CVE-2016-6393
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-08394
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201609-647
value: HIGH

Trust: 0.6

VULHUB: VHN-95213
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6393
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08394
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95213
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6393
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-6393
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-08394 // VULHUB: VHN-95213 // JVNDB: JVNDB-2016-005157 // CNNVD: CNNVD-201609-647 // NVD: CVE-2016-6393

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-95213 // JVNDB: JVNDB-2016-005157 // NVD: CVE-2016-6393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-647

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201609-647

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005157

PATCH

title: cisco-sa-20160928-aaados, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados

Trust: 0.8

title: Patch for Cisco IOS and IOS XE Software Denial of Service Vulnerability (CNVD-2016-08394), url: https://www.cnvd.org.cn/patchInfo/show/82020

Trust: 0.6

title: Cisco IOS and IOS XE Software Remediation measures for denial of service vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64415

Trust: 0.6

sources: CNVD: CNVD-2016-08394 // JVNDB: JVNDB-2016-005157 // CNNVD: CNNVD-201609-647

EXTERNAL IDS

db: NVD, id: CVE-2016-6393

Trust: 3.4

db: BID, id: 93196

Trust: 2.6

db: ICS CERT, id: ICSA-16-287-04

Trust: 2.5

db: SECTRACK, id: 1036914

Trust: 1.7

db: JVNDB, id: JVNDB-2016-005157

Trust: 0.8

db: CNNVD, id: CNNVD-201609-647

Trust: 0.7

db: CNVD, id: CNVD-2016-08394

Trust: 0.6

db: ICS CERT, id: ICSA-17-094-04

Trust: 0.3

db: VULHUB, id: VHN-95213

Trust: 0.1

sources: CNVD: CNVD-2016-08394 // VULHUB: VHN-95213 // BID: 93196 // JVNDB: JVNDB-2016-005157 // CNNVD: CNNVD-201609-647 // NVD: CVE-2016-6393

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-287-04

Trust: 2.5

url:http://www.securityfocus.com/bid/93196

Trust: 2.3

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160928-aaados

Trust: 2.0

url:http://www.securitytracker.com/id/1036914

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6393

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6393

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-04

Trust: 0.3

sources: CNVD: CNVD-2016-08394 // VULHUB: VHN-95213 // BID: 93196 // JVNDB: JVNDB-2016-005157 // CNNVD: CNNVD-201609-647 // NVD: CVE-2016-6393

CREDITS

Cisco.

Trust: 0.9

sources: BID: 93196 // CNNVD: CNNVD-201609-647

SOURCES

db: CNVD, id: CNVD-2016-08394
db: VULHUB, id: VHN-95213
db: BID, id: 93196
db: JVNDB, id: JVNDB-2016-005157
db: CNNVD, id: CNNVD-201609-647
db: NVD, id: CVE-2016-6393

LAST UPDATE DATE

2024-11-23T19:36:45.043000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-08394, date: 2016-10-08T00:00:00
db: VULHUB, id: VHN-95213, date: 2020-05-11T00:00:00
db: BID, id: 93196, date: 2017-05-23T16:23:00
db: JVNDB, id: JVNDB-2016-005157, date: 2016-11-10T00:00:00
db: CNNVD, id: CNNVD-201609-647, date: 2020-05-12T00:00:00
db: NVD, id: CVE-2016-6393, date: 2024-11-21T02:56:02.633

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-08394, date: 2016-10-08T00:00:00
db: VULHUB, id: VHN-95213, date: 2016-10-05T00:00:00
db: BID, id: 93196, date: 2016-09-28T00:00:00
db: JVNDB, id: JVNDB-2016-005157, date: 2016-10-13T00:00:00
db: CNNVD, id: CNNVD-201609-647, date: 2016-09-29T00:00:00
db: NVD, id: CVE-2016-6393, date: 2016-10-05T20:59:07.853