← Volver a CVEs

CVE-2016-6415

HIGHCISA KEV

7.5

Descripcion

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

Detalles CVE

Puntuacion CVSS v3.17.5

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado9/19/2016

Ultima modificacion4/22/2026

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorCisco

ProductoIOS, IOS XR, and IOS XE

Nombre vulnerabilidadCisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability

Fecha inclusion KEV2023-05-19

Fecha limite remediacion2023-06-09

Uso en ransomwareUnknown

Productos afectados

cisco:ioscisco:ios_xecisco:ios_xr

Debilidades (CWE)

CWE-200CWE-200

Referencias

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1(psirt@cisco.com)

http://www.securityfocus.com/bid/93003(psirt@cisco.com)

http://www.securitytracker.com/id/1036841(psirt@cisco.com)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/93003(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1036841(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6415(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.