Vulnerability Description
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | 3.3s_3.3.0s |
| Lenovo | Thinkcentre E75S Firmware | < m16kt61a |
| Netgear | Jr6150 Firmware | < 2017-01-06 |
| Samsung | X14J Firmware | t-ms14jakucb-1102.5 |
| Sun | Opensolaris | snv_124 |
| Zyxel | Gs1900-10Hp Firmware | < 2.50\(aazi.0\)c0 |
| Zzinc | Keymouse Firmware | 3.08 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securityfocus.com/bid/85311
- http://www.securitytracker.com/id/1035382
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securityfocus.com/bid/85311
- http://www.securitytracker.com/id/1035382
FAQ
What is CVE-2016-1344?
CVE-2016-1344 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
How severe is CVE-2016-1344?
CVE-2016-1344 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1344?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Lenovo Thinkcentre E75S Firmware, Netgear Jr6150 Firmware, Samsung X14J Firmware, Sun Opensolaris.