Sign-up

ID

VAR-201610-0303


CVE

CVE-2016-6379


TITLE

Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-005148

DESCRIPTION

Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. IPDetailRecord (IPDR) is one of the modules that provides detailed network information logging. A remote attacker could exploit the vulnerability by sending a specially crafted IPDR packet, causing the device to be overloaded, resulting in a denial of service. This issue is being tracked by Cisco Bug ID CSCuu35089

Trust: 2.52

sources: NVD: CVE-2016-6379 // JVNDB: JVNDB-2016-005148 // CNVD: CNVD-2016-08386 // BID: 93205 // VULHUB: VHN-95199

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-08386

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sci1a

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.14.4s

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch2

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)cy

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.1.1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sci

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch5

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sci3

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.15.3s

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sci1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.16.0s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.1.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.1.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.14.0s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)cy1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.0s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.14.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.16.0cs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.4s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.14.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.2s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)cx

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.14.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.1cs

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sch4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:16.1

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:3.14 to 3.16

Trust: 0.8

vendor:ciscomodel:ubr10000 series universal broadband routersscope: - version: -

Trust: 0.6

vendor:ciscomodel:ubr7225vxr universal broadband routersscope: - version: -

Trust: 0.6

vendor:ciscomodel:ubr7200 series universal broadband routersscope: - version: -

Trust: 0.6

vendor:ciscomodel:cbr series converged broadband routersscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2016-08386 // BID: 93205 // JVNDB: JVNDB-2016-005148 // CNNVD: CNNVD-201609-642 // NVD: CVE-2016-6379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6379
value: HIGH

Trust: 1.0

NVD: CVE-2016-6379
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-08386
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201609-642
value: HIGH

Trust: 0.6

VULHUB: VHN-95199
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6379
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08386
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95199
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6379
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-08386 // VULHUB: VHN-95199 // JVNDB: JVNDB-2016-005148 // CNNVD: CNNVD-201609-642 // NVD: CVE-2016-6379

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-95199 // JVNDB: JVNDB-2016-005148 // NVD: CVE-2016-6379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-642

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201609-642

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005148

PATCH
title:cisco-sa-20160928-ipdrurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr
Trust: 0.8
title:Patch for CiscoIOSandIOSXESoftware Denial of Service Vulnerability (CNVD-2016-08386)url:https://www.cnvd.org.cn/patchInfo/show/82005
Trust: 0.6
title:Cisco IOS  and IOS XE Software IP Detail Record Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64412
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-08386 // 
            
            
            
            JVNDB: JVNDB-2016-005148 // 
            
            
            
            CNNVD: CNNVD-201609-642

EXTERNAL IDS
db:NVDid:CVE-2016-6379
Trust: 3.4
db:BIDid:93205
Trust: 2.6
db:SECTRACKid:1036914
Trust: 1.1
db:JVNDBid:JVNDB-2016-005148
Trust: 0.8
db:CNNVDid:CNNVD-201609-642
Trust: 0.7
db:CNVDid:CNVD-2016-08386
Trust: 0.6
db:VULHUBid:VHN-95199
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-08386 // 
            
            
            
            VULHUB: VHN-95199 // 
            
            
            
            BID: 93205 // 
            
            
            
            JVNDB: JVNDB-2016-005148 // 
            
            
            
            CNNVD: CNNVD-201609-642 // 
            
            
            
            NVD: CVE-2016-6379

REFERENCES
url:http://www.securityfocus.com/bid/93205
Trust: 2.3
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160928-ipdr
Trust: 2.0
url:http://www.securitytracker.com/id/1036914
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6379
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6379
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-08386 // 
            
            
            
            VULHUB: VHN-95199 // 
            
            
            
            BID: 93205 // 
            
            
            
            JVNDB: JVNDB-2016-005148 // 
            
            
            
            CNNVD: CNNVD-201609-642 // 
            
            
            
            NVD: CVE-2016-6379

CREDITS
Cisco.
Trust: 0.9
sources:
            
            
            BID: 93205 // 
            
            
            
            CNNVD: CNNVD-201609-642

SOURCES
db:CNVDid:CNVD-2016-08386
db:VULHUBid:VHN-95199
db:BIDid:93205
db:JVNDBid:JVNDB-2016-005148
db:CNNVDid:CNNVD-201609-642
db:NVDid:CVE-2016-6379

LAST UPDATE DATE
2024-11-23T20:09:38.198000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-08386date:2016-10-08T00:00:00
db:VULHUBid:VHN-95199date:2017-07-30T00:00:00
db:BIDid:93205date:2016-10-03T04:01:00
db:JVNDBid:JVNDB-2016-005148date:2016-10-13T00:00:00
db:CNNVDid:CNNVD-201609-642date:2016-10-11T00:00:00
db:NVDid:CVE-2016-6379date:2024-11-21T02:56:00.997

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-08386date:2016-10-08T00:00:00
db:VULHUBid:VHN-95199date:2016-10-05T00:00:00
db:BIDid:93205date:2016-09-28T00:00:00
db:JVNDBid:JVNDB-2016-005148date:2016-10-13T00:00:00
db:CNNVDid:CNNVD-201609-642date:2016-09-29T00:00:00
db:NVDid:CVE-2016-6379date:2016-10-05T20:59:02.977