cvelistv5 - cve-2016-6384

CVE-2016-6384 (GCVE-0-2016-6384)

Vulnerability from cvelistv5 – Published: 2016-10-05 17:00 – Updated: 2024-08-06 01:29

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1036914	vdb-entryx_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/93209	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036914",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036914"
          },
          {
            "name": "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
          },
          {
            "name": "93209",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93209"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036914",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036914"
        },
        {
          "name": "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
        },
        {
          "name": "93209",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93209"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6384",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036914",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036914"
            },
            {
              "name": "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
            },
            {
              "name": "93209",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93209"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6384",
    "datePublished": "2016-10-05T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2\", \"versionEndIncluding\": \"12.4\", \"matchCriteriaId\": \"FBB64D7E-7C96-4A3D-BA83-60EE8D5DFB21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0\", \"versionEndIncluding\": \"15.6\", \"matchCriteriaId\": \"650EB42C-D85F-482B-972D-7DCAC210DC48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.1\", \"versionEndIncluding\": \"3.17\", \"matchCriteriaId\": \"972A3BB5-EE95-444D-A492-3A9231448BF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47C86D01-6B26-4BAB-8B61-598823230DC7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.\"}, {\"lang\": \"es\", \"value\": \"Cisco IOS 12.2 hasta la versi\\u00f3n 12.4 y 15.0 hasta la versi\\u00f3n 15.6 e IOS XE 3.1 hasta la versi\\u00f3n 3.17 y 16.2 permiten a atacantes remotos provocar una denegaci\\u00f3n de servicio (recarga del dispositivo) a trav\\u00e9s de campos manipulados en un mensaje H.323, vulnerabilidad tambi\\u00e9n conocida como Bug ID CSCux04257.\"}]",
      "id": "CVE-2016-6384",
      "lastModified": "2024-11-21T02:56:01.860",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-10-05T17:59:02.727",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93209\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036914\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93209\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036914\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6384\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-10-05T17:59:02.727\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.\"},{\"lang\":\"es\",\"value\":\"Cisco IOS 12.2 hasta la versi\u00f3n 12.4 y 15.0 hasta la versi\u00f3n 15.6 e IOS XE 3.1 hasta la versi\u00f3n 3.17 y 16.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga del dispositivo) a trav\u00e9s de campos manipulados en un mensaje H.323, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCux04257.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2\",\"versionEndIncluding\":\"12.4\",\"matchCriteriaId\":\"FBB64D7E-7C96-4A3D-BA83-60EE8D5DFB21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndIncluding\":\"15.6\",\"matchCriteriaId\":\"650EB42C-D85F-482B-972D-7DCAC210DC48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1\",\"versionEndIncluding\":\"3.17\",\"matchCriteriaId\":\"972A3BB5-EE95-444D-A492-3A9231448BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C86D01-6B26-4BAB-8B61-598823230DC7\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93209\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036914\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2016-AVI-322

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Cisco IOS et Cisco IOS XE. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	IOS XE	Cisco IOS XE versions 16.x
Cisco	IOS XE	Cisco IOS, voir sur le site du constructeur pour vérifier si votre système est vulnérable (cf. section Documentation)
Cisco	IOS XE	Cisco IOS XE versions 3.x

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160928-frag du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-ios-ikev1 du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-cip du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-smi du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-msdp du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-dns du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-h323 du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-ipdr du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-h323 du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-msdp du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-cip du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-ios-ikev1 du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-ipdr du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-frag du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-dns du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-smi du 28 septembre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IOS XE versions 16.x",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS, voir sur le site du constructeur pour v\u00e9rifier si votre syst\u00e8me est vuln\u00e9rable (cf. section Documentation)",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XE versions 3.x",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6379"
    },
    {
      "name": "CVE-2016-6385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6385"
    },
    {
      "name": "CVE-2016-6380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6380"
    },
    {
      "name": "CVE-2016-6386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6386"
    },
    {
      "name": "CVE-2016-6381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6381"
    },
    {
      "name": "CVE-2016-6382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6382"
    },
    {
      "name": "CVE-2016-6384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6384"
    },
    {
      "name": "CVE-2016-6391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6391"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-h323 du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-msdp du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-cip du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-ios-ikev1 du    28 septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-ipdr du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-frag du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-dns du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-smi du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi"
    }
  ],
  "reference": "CERTFR-2016-AVI-322",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco IOS\u003c/span\u003e et \u003cspan class=\"textit\"\u003eCisco IOS\nXE\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS et IOS XE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-frag du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-ios-ikev1 du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-cip du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-smi du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-msdp du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-dns du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-h323 du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-ipdr du 28 septembre 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-322

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	IOS XE	Cisco IOS XE versions 16.x
Cisco	IOS XE	Cisco IOS, voir sur le site du constructeur pour vérifier si votre système est vulnérable (cf. section Documentation)
Cisco	IOS XE	Cisco IOS XE versions 3.x

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160928-frag du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-ios-ikev1 du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-cip du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-smi du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-msdp du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-dns du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-h323 du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-ipdr du 28 septembre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160928-h323 du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-msdp du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-cip du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-ios-ikev1 du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-ipdr du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-frag du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-dns du 28 septembre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160928-smi du 28 septembre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IOS XE versions 16.x",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS, voir sur le site du constructeur pour v\u00e9rifier si votre syst\u00e8me est vuln\u00e9rable (cf. section Documentation)",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XE versions 3.x",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6379"
    },
    {
      "name": "CVE-2016-6385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6385"
    },
    {
      "name": "CVE-2016-6380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6380"
    },
    {
      "name": "CVE-2016-6386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6386"
    },
    {
      "name": "CVE-2016-6381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6381"
    },
    {
      "name": "CVE-2016-6382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6382"
    },
    {
      "name": "CVE-2016-6384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6384"
    },
    {
      "name": "CVE-2016-6391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6391"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-h323 du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-msdp du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-cip du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-ios-ikev1 du    28 septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-ipdr du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-frag du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-dns du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-smi du 28    septembre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi"
    }
  ],
  "reference": "CERTFR-2016-AVI-322",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco IOS\u003c/span\u003e et \u003cspan class=\"textit\"\u003eCisco IOS\nXE\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS et IOS XE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-frag du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-ios-ikev1 du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-cip du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-smi du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-msdp du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-dns du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-h323 du 28 septembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160928-ipdr du 28 septembre 2016",
      "url": null
    }
  ]
}

VAR-201610-0299

Vulnerability from variot - Updated: 2023-12-18 11:50

Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. The vulnerability stems from a program failing to properly validate fields in the H.323 protocol suite. A remote attacker could exploit the vulnerability by accessing an invalid memory area to cause a denial of service (restart and crash). An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCux04257

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0299",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "ios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "15.6"
      },
      {
        "model": "ios xe",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "ios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "15.0"
      },
      {
        "model": "ios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4"
      },
      {
        "model": "ios xe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.17"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.2 to  12.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "15.0 to  15.6"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.1 to  3.17"
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "12.2\\(13\\)zd2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "12.4\\(15\\)sw6"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.9.0s"
      },
      {
        "model": "ios xe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.14.0s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "12.3\\(10d\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "12.2\\(13\\)zd4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "15.4\\(1\\)t1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "12.2\\(15\\)cz1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "12.3\\(2\\)xf"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "12.3\\(13a\\)"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "db": "BID",
        "id": "93209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6384"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.4",
                "versionStartIncluding": "12.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.6",
                "versionStartIncluding": "15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "versionStartIncluding": "3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6384"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco.",
    "sources": [
      {
        "db": "BID",
        "id": "93209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-6384",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6384",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-08397",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-95204",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6384",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6384",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-08397",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-632",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95204",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6384",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6384"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. The vulnerability stems from a program failing to properly validate fields in the H.323 protocol suite. A remote attacker could exploit the vulnerability by accessing an invalid memory area to cause a denial of service (restart and crash). \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCux04257",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "db": "BID",
        "id": "93209"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6384"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6384",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "93209",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1036914",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-95204",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6384",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6384"
      },
      {
        "db": "BID",
        "id": "93209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6384"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ]
  },
  "id": "VAR-201610-0299",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95204"
      }
    ],
    "trust": 1.32263757
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:50:32.824000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160928-h323",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160928-h323"
      },
      {
        "title": "Patch for CiscoIOSandIOSXESoftware Denial of Service Vulnerability (CNVD-2016-08397)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/82008"
      },
      {
        "title": "Cisco IOS  and IOS XE Software Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64405"
      },
      {
        "title": "Cisco: Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160928-h323"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/cisco-warns-of-critical-flaw-in-email-security-appliances/120968/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6384"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/93209"
      },
      {
        "trust": 2.2,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160928-h323"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1036914"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6384"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6384"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/cisco-warns-of-critical-flaw-in-email-security-appliances/120968/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6384"
      },
      {
        "db": "BID",
        "id": "93209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6384"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6384"
      },
      {
        "db": "BID",
        "id": "93209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6384"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "date": "2016-10-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95204"
      },
      {
        "date": "2016-10-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6384"
      },
      {
        "date": "2016-09-28T00:00:00",
        "db": "BID",
        "id": "93209"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "date": "2016-10-05T17:59:02.727000",
        "db": "NVD",
        "id": "CVE-2016-6384"
      },
      {
        "date": "2016-09-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-08397"
      },
      {
        "date": "2020-06-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95204"
      },
      {
        "date": "2020-06-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6384"
      },
      {
        "date": "2017-05-23T16:23:00",
        "db": "BID",
        "id": "93209"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      },
      {
        "date": "2020-06-02T14:42:14.623000",
        "db": "NVD",
        "id": "CVE-2016-6384"
      },
      {
        "date": "2020-06-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS and  IOS XE Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005152"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-632"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-08397

Vulnerability from cnvd - Published: 2016-10-08

Title

Cisco IOS and IOS XE Software拒绝服务漏洞（CNVD-2016-08397）

Description

Cisco IOS和IOS XE Software都是美国思科（Cisco）公司为其网络设备开发的操作系统。 Cisco IOS和IOS XE Software中的H.323子系统存在拒绝服务漏洞，该漏洞源于程序未能正确验证H.323协议组中的字段。远程攻击者可通过访问无效的内存区域利用该漏洞造成拒绝服务（重启和崩溃）。

Severity

高

Patch Name

Cisco IOS and IOS XE Software拒绝服务漏洞（CNVD-2016-08397）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323

Reference

http://www.securityfocus.com/bid/93209

Impacted products

Name
['Cisco IOS', 'Cisco IOS XE Software']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93209"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6384"
    }
  },
  "description": "Cisco IOS\u548cIOS XE Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS\u548cIOS XE Software\u4e2d\u7684H.323\u5b50\u7cfb\u7edf\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1H.323\u534f\u8bae\u7ec4\u4e2d\u7684\u5b57\u6bb5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bbf\u95ee\u65e0\u6548\u7684\u5185\u5b58\u533a\u57df\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u91cd\u542f\u548c\u5d29\u6e83\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08397",
  "openTime": "2016-10-08",
  "patchDescription": "Cisco IOS\u548cIOS XE Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS\u548cIOS XE Software\u4e2d\u7684H.323\u5b50\u7cfb\u7edf\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1H.323\u534f\u8bae\u7ec4\u4e2d\u7684\u5b57\u6bb5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bbf\u95ee\u65e0\u6548\u7684\u5185\u5b58\u533a\u57df\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u91cd\u542f\u548c\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS and IOS XE Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-08397\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS",
      "Cisco IOS XE Software"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93209",
  "serverity": "\u9ad8",
  "submitTime": "2016-09-29",
  "title": "Cisco IOS and IOS XE Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-08397\uff09"
}

FKIE_CVE-2016-6384

Vulnerability from fkie_nvd - Published: 2016-10-05 17:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/93209	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1036914	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93209	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036914	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	ios	*
cisco	ios	*
cisco	ios_xe	*
cisco	ios_xe	16.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBB64D7E-7C96-4A3D-BA83-60EE8D5DFB21",
              "versionEndIncluding": "12.4",
              "versionStartIncluding": "12.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "650EB42C-D85F-482B-972D-7DCAC210DC48",
              "versionEndIncluding": "15.6",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "972A3BB5-EE95-444D-A492-3A9231448BF3",
              "versionEndIncluding": "3.17",
              "versionStartIncluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C86D01-6B26-4BAB-8B61-598823230DC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257."
    },
    {
      "lang": "es",
      "value": "Cisco IOS 12.2 hasta la versi\u00f3n 12.4 y 15.0 hasta la versi\u00f3n 15.6 e IOS XE 3.1 hasta la versi\u00f3n 3.17 y 16.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga del dispositivo) a trav\u00e9s de campos manipulados en un mensaje H.323, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCux04257."
    }
  ],
  "id": "CVE-2016-6384",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-05T17:59:02.727",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93209"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036914"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-6384

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6384

Aliases

CVE-2016-6384

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6384",
    "description": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.",
    "id": "GSD-2016-6384"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6384"
      ],
      "details": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.",
      "id": "GSD-2016-6384",
      "modified": "2023-12-13T01:21:23.033435Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6384",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1036914",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036914"
          },
          {
            "name": "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
          },
          {
            "name": "93209",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93209"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.4",
                "versionStartIncluding": "12.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.6",
                "versionStartIncluding": "15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "versionStartIncluding": "3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6384"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
            },
            {
              "name": "93209",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93209"
            },
            {
              "name": "1036914",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036914"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-06-02T14:42Z",
      "publishedDate": "2016-10-05T17:59Z"
    }
  }
}

GHSA-5CCC-FRC7-5RRG

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-05T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.",
  "id": "GHSA-5ccc-frc7-5rrg",
  "modified": "2022-05-13T01:26:10Z",
  "published": "2022-05-13T01:26:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6384"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93209"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036914"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6384 (GCVE-0-2016-6384)

CERTFR-2016-AVI-322

Solution

CERTFR-2016-AVI-322

Solution

VAR-201610-0299

CNVD-2016-08397

FKIE_CVE-2016-6384

GSD-2016-6384

GHSA-5CCC-FRC7-5RRG

Tags

Sightings

Nomenclature