← Retour aux CVEs

CVE-2016-6415

HIGHCISA KEV

7.5

Description

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

Details CVE

Score CVSS v3.17.5

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie9/19/2016

Derniere modification4/22/2026

Sourcekev

Observations honeypot0

CISA KEV

FournisseurCisco

ProduitIOS, IOS XR, and IOS XE

Nom vulnerabiliteCisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability

Date ajout KEV2023-05-19

Date limite remediation2023-06-09

Utilise dans ransomwareUnknown

Produits affectes

cisco:ioscisco:ios_xecisco:ios_xr

Faiblesses (CWE)

CWE-200CWE-200

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1(psirt@cisco.com)

http://www.securityfocus.com/bid/93003(psirt@cisco.com)

http://www.securitytracker.com/id/1036841(psirt@cisco.com)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/93003(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1036841(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6415(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.