ID

VAR-201610-0272


CVE

CVE-2016-6421


TITLE

Cisco IOS XR Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-005161

DESCRIPTION

Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvb05643

Trust: 1.98

sources: NVD: CVE-2016-6421 // JVNDB: JVNDB-2016-005161 // BID: 93212 // VULHUB: VHN-95241

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:eqversion:5.2.2

Trust: 2.4

vendor:ciscomodel:ios xr softwarescope:eqversion:0

Trust: 0.3

sources: BID: 93212 // JVNDB: JVNDB-2016-005161 // CNNVD: CNNVD-201609-630 // NVD: CVE-2016-6421

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6421
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6421
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201609-630
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95241
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6421
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95241
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6421
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95241 // JVNDB: JVNDB-2016-005161 // CNNVD: CNNVD-201609-630 // NVD: CVE-2016-6421

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-95241 // JVNDB: JVNDB-2016-005161 // NVD: CVE-2016-6421

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-630

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201609-630

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:cisco:ios_xr"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2016-005161

PATCH

title:cisco-sa-20160928-ospfurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ospf

Trust: 0.8

sources: JVNDB: JVNDB-2016-005161

EXTERNAL IDS

db:NVDid:CVE-2016-6421

Trust: 2.8

db:BIDid:93212

Trust: 2.0

db:SECTRACKid:1036909

Trust: 1.1

db:JVNDBid:JVNDB-2016-005161

Trust: 0.8

db:CNNVDid:CNNVD-201609-630

Trust: 0.7

db:VULHUBid:VHN-95241

Trust: 0.1

sources: VULHUB: VHN-95241 // BID: 93212 // JVNDB: JVNDB-2016-005161 // CNNVD: CNNVD-201609-630 // NVD: CVE-2016-6421

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160928-ospf

Trust: 2.0

url:http://www.securityfocus.com/bid/93212

Trust: 1.7

url:http://www.securitytracker.com/id/1036909

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6421

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6421

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95241 // BID: 93212 // JVNDB: JVNDB-2016-005161 // CNNVD: CNNVD-201609-630 // NVD: CVE-2016-6421

CREDITS

Cisco

Trust: 0.9

sources: BID: 93212 // CNNVD: CNNVD-201609-630

SOURCES

db:VULHUBid:VHN-95241
db:BIDid:93212
db:JVNDBid:JVNDB-2016-005161
db:CNNVDid:CNNVD-201609-630
db:NVDid:CVE-2016-6421

LAST UPDATE DATE

2024-11-23T22:22:43.512000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-95241date:2017-07-30T00:00:00
db:BIDid:93212date:2016-10-03T00:01:00
db:JVNDBid:JVNDB-2016-005161date:2016-10-13T00:00:00
db:CNNVDid:CNNVD-201609-630date:2016-10-11T00:00:00
db:NVDid:CVE-2016-6421date:2024-11-21T02:56:05.883

SOURCES RELEASE DATE

db:VULHUBid:VHN-95241date:2016-10-05T00:00:00
db:BIDid:93212date:2016-09-28T00:00:00
db:JVNDBid:JVNDB-2016-005161date:2016-10-13T00:00:00
db:CNNVDid:CNNVD-201609-630date:2016-09-29T00:00:00
db:NVDid:CVE-2016-6421date:2016-10-05T20:59:09.027