ID

VAR-201611-0158


CVE

CVE-2016-6441


TITLE

Cisco ASR 900 Series router IOS XE of TL1 Vulnerabilities that cause code reloads

Trust: 0.8

sources: JVNDB: JVNDB-2016-005730

DESCRIPTION

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software: 3.17.0S, 3.17.1S, 3.17.2S, 3.18.0S, 3.18.1S. More Information: CSCuy15175. Known Affected Releases: 15.6(1)S, 15.6(2)S. Known Fixed Releases: 15.6(1)S2.12, 15.6(1.17)S0.41, 15.6(1.17)SP, 15.6(2)SP, 16.4(0.183), 16.5(0.10). The Cisco ASR 900 Series is a modular aggregation service router. This issue is being tracked by Cisco Bug ID CSCuy15175.

Trust: 2.61

sources: NVD: CVE-2016-6441 // JVNDB: JVNDB-2016-005730 // CNVD: CNVD-2016-10615 // BID: 94072 // VULHUB: VHN-95261 // VULMON: CVE-2016-6441

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-10615

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 3.17.0s

Trust: 2.4

vendor: cisco, model: ios xe, scope: eq, version: 3.17.1s

Trust: 2.4

vendor: cisco, model: ios xe, scope: eq, version: 3.17.2s

Trust: 2.4

vendor: cisco, model: ios xe, scope: eq, version: 3.18.0s

Trust: 2.4

vendor: cisco, model: ios xe, scope: eq, version: 3.18.1s

Trust: 2.4

vendor: cisco, model: ios xe, scope: eq, version: 3.17s

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 3.18s

Trust: 1.6

vendor: cisco, model: asr series aggregation services routers 3.17.0s, scope: eq, version: 900

Trust: 0.6

vendor: cisco, model: asr series aggregation services routers 3.17.1s, scope: eq, version: 900

Trust: 0.6

vendor: cisco, model: asr series aggregation services routers 3.17.2s, scope: eq, version: 900

Trust: 0.6

vendor: cisco, model: asr series aggregation services routers 3.18.0s, scope: eq, version: 900

Trust: 0.6

vendor: cisco, model: asr series aggregation services routers 3.18.1s, scope: eq, version: 900

Trust: 0.6

vendor: cisco, model: ios xe software 3.18.1s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.18.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.17.2s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.17.1s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software 3.17.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: asr907, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: asr903, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: asr902, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-10615 // BID: 94072 // JVNDB: JVNDB-2016-005730 // CNNVD: CNNVD-201611-007 // NVD: CVE-2016-6441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6441
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6441
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-10615
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-007
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95261
value: HIGH

Trust: 0.1

VULMON: CVE-2016-6441
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6441
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-10615
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95261
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6441
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-10615 // VULHUB: VHN-95261 // VULMON: CVE-2016-6441 // JVNDB: JVNDB-2016-005730 // CNNVD: CNNVD-201611-007 // NVD: CVE-2016-6441

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-95261 // JVNDB: JVNDB-2016-005730 // NVD: CVE-2016-6441

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-007

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201611-007

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005730

PATCH

title: cisco-sa-20161102-tl1, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1

Trust: 0.8

title: Patch for Cisco ASR900 Series Aggregation Services Routers Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/83523

Trust: 0.6

title: Cisco ASR 900 Series Buffer Overflow Vulnerability Fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65237

Trust: 0.6

title: Threatpost, url: https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/

Trust: 0.1

sources: CNVD: CNVD-2016-10615 // VULMON: CVE-2016-6441 // JVNDB: JVNDB-2016-005730 // CNNVD: CNNVD-201611-007

EXTERNAL IDS

db: NVD, id: CVE-2016-6441

Trust: 3.5

db: BID, id: 94072

Trust: 2.1

db: SECTRACK, id: 1037179

Trust: 1.2

db: JVNDB, id: JVNDB-2016-005730

Trust: 0.8

db: CNNVD, id: CNNVD-201611-007

Trust: 0.7

db: CNVD, id: CNVD-2016-10615

Trust: 0.6

db: VULHUB, id: VHN-95261

Trust: 0.1

db: VULMON, id: CVE-2016-6441

Trust: 0.1

sources: CNVD: CNVD-2016-10615 // VULHUB: VHN-95261 // VULMON: CVE-2016-6441 // BID: 94072 // JVNDB: JVNDB-2016-005730 // CNNVD: CNNVD-201611-007 // NVD: CVE-2016-6441

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-tl1

Trust: 2.7

url:http://www.securityfocus.com/bid/94072

Trust: 1.2

url:http://www.securitytracker.com/id/1037179

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6441

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6441

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/

Trust: 0.1

sources: CNVD: CNVD-2016-10615 // VULHUB: VHN-95261 // VULMON: CVE-2016-6441 // BID: 94072 // JVNDB: JVNDB-2016-005730 // CNNVD: CNNVD-201611-007 // NVD: CVE-2016-6441

CREDITS

Cisco

Trust: 0.3

sources: BID: 94072

SOURCES

db: CNVD, id: CNVD-2016-10615
db: VULHUB, id: VHN-95261
db: VULMON, id: CVE-2016-6441
db: BID, id: 94072
db: JVNDB, id: JVNDB-2016-005730
db: CNNVD, id: CNNVD-201611-007
db: NVD, id: CVE-2016-6441

LAST UPDATE DATE

2024-11-23T22:30:56.504000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-10615, date: 2016-11-04T00:00:00
db: VULHUB, id: VHN-95261, date: 2017-07-29T00:00:00
db: VULMON, id: CVE-2016-6441, date: 2017-07-29T00:00:00
db: BID, id: 94072, date: 2016-11-24T01:07:00
db: JVNDB, id: JVNDB-2016-005730, date: 2016-11-08T00:00:00
db: CNNVD, id: CNNVD-201611-007, date: 2016-11-04T00:00:00
db: NVD, id: CVE-2016-6441, date: 2024-11-21T02:56:08.390

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-10615, date: 2016-11-04T00:00:00
db: VULHUB, id: VHN-95261, date: 2016-11-03T00:00:00
db: VULMON, id: CVE-2016-6441, date: 2016-11-03T00:00:00
db: BID, id: 94072, date: 2016-11-02T00:00:00
db: JVNDB, id: JVNDB-2016-005730, date: 2016-11-08T00:00:00
db: CNNVD, id: CNNVD-201611-007, date: 2016-11-04T00:00:00
db: NVD, id: CVE-2016-6441, date: 2016-11-03T21:59:02.967