Lucene search

CiscoCVE-2016-1349

HistoryMar 26, 2016 - 1:59 a.m.

CVE-2016-1349

2016-03-2601:59:03

CWE-399

cisco

web.nvd.nist.gov

cve-2016-1349

smart install

cisco

ios

denial of service

remote attack

bug id

cscuv45410

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

69.1%

JSON

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

Affected configurations

Nvd

Node

ciscoios_xeMatch3.2ja_3.2.0ja

ciscoios_xeMatch3.2se_3.2.0se

ciscoios_xeMatch3.2se_3.2.1se

ciscoios_xeMatch3.2se_3.2.2se

ciscoios_xeMatch3.2se_3.2.3se

ciscoios_xeMatch3.3se_3.3.0se

ciscoios_xeMatch3.3se_3.3.1se

ciscoios_xeMatch3.3se_3.3.2se

ciscoios_xeMatch3.3se_3.3.3se

ciscoios_xeMatch3.3se_3.3.4se

ciscoios_xeMatch3.3se_3.3.5se

ciscoios_xeMatch3.3xo_3.3.0xo

ciscoios_xeMatch3.3xo_3.3.1xo

ciscoios_xeMatch3.3xo_3.3.2xo

ciscoios_xeMatch3.4sg_3.4.0sg

ciscoios_xeMatch3.4sg_3.4.1sg

ciscoios_xeMatch3.4sg_3.4.2sg

ciscoios_xeMatch3.4sg_3.4.3sg

ciscoios_xeMatch3.4sg_3.4.4sg

ciscoios_xeMatch3.4sg_3.4.5sg

ciscoios_xeMatch3.4sg_3.4.6sg

ciscoios_xeMatch3.5e_3.5.0e

ciscoios_xeMatch3.5e_3.5.1e

ciscoios_xeMatch3.5e_3.5.2e

ciscoios_xeMatch3.5e_3.5.3e

ciscoios_xeMatch3.6e_3.6.0e

ciscoios_xeMatch3.6e_3.6.1e

ciscoios_xeMatch3.6e_3.6.2ae

ciscoios_xeMatch3.6e_3.6.2e

ciscoios_xeMatch3.7e_3.7.0e

ciscoios_xeMatch3.7e_3.7.1e

ciscoios_xeMatch3.7e_3.7.2e

intelcore_i5-9400f_firmwareMatch-

netgearjr6150_firmwareRange<2017-01-06

samsungx14j_firmwareMatcht-ms14jakucb-1102.5

sunopensolarisMatchsnv_124sparc

zyxelgs1900-10hp_firmwareRange<2.50\(aazi.0\)c0

zzinckeymouse_firmwareMatch3.08windows

VendorProductVersionCPE
ciscoios_xe3.2ja_3.2.0jacpe:2.3:o:cisco:ios_xe:3.2ja_3.2.0ja:*:*:*:*:*:*:*
ciscoios_xe3.2se_3.2.0secpe:2.3:o:cisco:ios_xe:3.2se_3.2.0se:*:*:*:*:*:*:*
ciscoios_xe3.2se_3.2.1secpe:2.3:o:cisco:ios_xe:3.2se_3.2.1se:*:*:*:*:*:*:*
ciscoios_xe3.2se_3.2.2secpe:2.3:o:cisco:ios_xe:3.2se_3.2.2se:*:*:*:*:*:*:*
ciscoios_xe3.2se_3.2.3secpe:2.3:o:cisco:ios_xe:3.2se_3.2.3se:*:*:*:*:*:*:*
ciscoios_xe3.3se_3.3.0secpe:2.3:o:cisco:ios_xe:3.3se_3.3.0se:*:*:*:*:*:*:*
ciscoios_xe3.3se_3.3.1secpe:2.3:o:cisco:ios_xe:3.3se_3.3.1se:*:*:*:*:*:*:*
ciscoios_xe3.3se_3.3.2secpe:2.3:o:cisco:ios_xe:3.3se_3.3.2se:*:*:*:*:*:*:*
ciscoios_xe3.3se_3.3.3secpe:2.3:o:cisco:ios_xe:3.3se_3.3.3se:*:*:*:*:*:*:*
ciscoios_xe3.3se_3.3.4secpe:2.3:o:cisco:ios_xe:3.3se_3.3.4se:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.2ja_3.2.0ja	cpe:2.3:o:cisco:ios_xe:3.2ja_3.2.0ja:::::::*
cisco	ios_xe	3.2se_3.2.0se	cpe:2.3:o:cisco:ios_xe:3.2se_3.2.0se:::::::*
cisco	ios_xe	3.2se_3.2.1se	cpe:2.3:o:cisco:ios_xe:3.2se_3.2.1se:::::::*
cisco	ios_xe	3.2se_3.2.2se	cpe:2.3:o:cisco:ios_xe:3.2se_3.2.2se:::::::*
cisco	ios_xe	3.2se_3.2.3se	cpe:2.3:o:cisco:ios_xe:3.2se_3.2.3se:::::::*
cisco	ios_xe	3.3se_3.3.0se	cpe:2.3:o:cisco:ios_xe:3.3se_3.3.0se:::::::*
cisco	ios_xe	3.3se_3.3.1se	cpe:2.3:o:cisco:ios_xe:3.3se_3.3.1se:::::::*
cisco	ios_xe	3.3se_3.3.2se	cpe:2.3:o:cisco:ios_xe:3.3se_3.3.2se:::::::*
cisco	ios_xe	3.3se_3.3.3se	cpe:2.3:o:cisco:ios_xe:3.3se_3.3.3se:::::::*
cisco	ios_xe	3.3se_3.3.4se	cpe:2.3:o:cisco:ios_xe:3.3se_3.3.4se:::::::*

Rows per page:

1-10 of 381

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi

www.securitytracker.com/id/1035385

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

69.1%

JSON

Related for CVE-2016-1349