← Back to CVEs
CVE-2016-6415
HIGHCISA KEV7.5
Description
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published9/19/2016
Last Modified4/22/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorCisco
ProductIOS, IOS XR, and IOS XE
Vulnerability NameCisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
KEV Date Added2023-05-19
Remediation Due Date2023-06-09
Ransomware UseUnknown
Affected Products
cisco:ioscisco:ios_xecisco:ios_xr
Weaknesses (CWE)
CWE-200CWE-200
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1(psirt@cisco.com)
http://www.securityfocus.com/bid/93003(psirt@cisco.com)
http://www.securitytracker.com/id/1036841(psirt@cisco.com)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/93003(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036841(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6415(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.