Vulnerability Description
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | >= 12.2, <= 12.4 |
| Cisco | Ios Xe | <= 3.18s |
| Cisco | Ios Xr | >= 4.3.0, <= 4.3.4 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securityfocus.com/bid/93003Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1036841Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securityfocus.com/bid/93003Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1036841Third Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-US Government Resource
FAQ
What is CVE-2016-6415?
CVE-2016-6415 is a vulnerability with a CVSS score of 7.5 (HIGH). The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain s...
How severe is CVE-2016-6415?
CVE-2016-6415 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6415?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe, Cisco Ios Xr.