Vulnerability CVE-2016-6380


Published: 2016-10-05

Description:
The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.3/10
8.5/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Complete
Affected software
Cisco -> IOS 
Cisco -> Ios xe 
Cisco -> Ios xe 3.1sg 
Cisco -> Ios xe 3.2ja 
Cisco -> Ios xe 3.2sg 
Cisco -> Ios xe 3.2xo 
Cisco -> Ios xe 3.3sg 
Cisco -> Ios xe 3.3sq 
Cisco -> Ios xe 3.3xo 
Cisco -> Ios xe 3.4sg 
Cisco -> Ios xe 3.4sq 
Cisco -> Ios xe 3.5sq 
Cisco -> Ios xe 3.8ex 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
http://www.securityfocus.com/bid/93201
http://www.securitytracker.com/id/1036914
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04

Copyright 2024, cxsecurity.com

 

Back to Top