VAR-201609-0319
Vulnerability from variot - Updated: 2023-12-18 13:34The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015. Vendors have confirmed this vulnerability Bug ID CSCuy54015 It is released as.Service disruption through crafted traffic from a third party ( Off-boundary access ) There is a possibility of being put into a state. Cisco IOS and IOSXE are operating systems developed by Cisco for its network devices. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuy54015. Cisco IOS and IOS XE Software are vulnerable. Data in Motion (DMo) application is one of the dynamic data update tools
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.6\\(1\\)t"
},
{
"model": "ios xe",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.6(1)t"
},
{
"model": "ios 15.6 t",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "BID",
"id": "93094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"db": "NVD",
"id": "CVE-2016-6409"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6409"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "93094"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-6409",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-08200",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-95229",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-6409",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6409",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-08200",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-506",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95229",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "VULHUB",
"id": "VHN-95229"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"db": "NVD",
"id": "CVE-2016-6409"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015. Vendors have confirmed this vulnerability Bug ID CSCuy54015 It is released as.Service disruption through crafted traffic from a third party ( Off-boundary access ) There is a possibility of being put into a state. Cisco IOS and IOSXE are operating systems developed by Cisco for its network devices. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCuy54015. \nCisco IOS and IOS XE Software are vulnerable. Data in Motion (DMo) application is one of the dynamic data update tools",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6409"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "BID",
"id": "93094"
},
{
"db": "VULHUB",
"id": "VHN-95229"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6409",
"trust": 3.4
},
{
"db": "BID",
"id": "93094",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1036875",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-08200",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95229",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "VULHUB",
"id": "VHN-95229"
},
{
"db": "BID",
"id": "93094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"db": "NVD",
"id": "CVE-2016-6409"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
]
},
"id": "VAR-201609-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "VULHUB",
"id": "VHN-95229"
}
],
"trust": 1.32263757
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
}
]
},
"last_update_date": "2023-12-18T13:34:25.224000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160921-dmo",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160921-dmo"
},
{
"title": "CiscoIOS and IOSXESoftwareDatainMotion Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81801"
},
{
"title": "Cisco IOS and IOS XE Software Data in Motion Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64243"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95229"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"db": "NVD",
"id": "CVE-2016-6409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/93094"
},
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160921-dmo"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036875"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6409"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6409"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "VULHUB",
"id": "VHN-95229"
},
{
"db": "BID",
"id": "93094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"db": "NVD",
"id": "CVE-2016-6409"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "VULHUB",
"id": "VHN-95229"
},
{
"db": "BID",
"id": "93094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"db": "NVD",
"id": "CVE-2016-6409"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"date": "2016-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-95229"
},
{
"date": "2016-09-21T00:00:00",
"db": "BID",
"id": "93094"
},
{
"date": "2016-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"date": "2016-09-24T01:59:01.650000",
"db": "NVD",
"id": "CVE-2016-6409"
},
{
"date": "2016-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"date": "2017-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-95229"
},
{
"date": "2016-09-23T00:00:00",
"db": "BID",
"id": "93094"
},
{
"date": "2016-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004899"
},
{
"date": "2017-07-30T01:29:12.210000",
"db": "NVD",
"id": "CVE-2016-6409"
},
{
"date": "2016-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS and IOS XE Software Data in Motion Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08200"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-506"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…