Published: 05/10/2016 Updated: 30/07/2017

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Cisco IOS 12.2 and 15.0 up to and including 15.3 allows remote malicious users to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios 15.3\\(3\\)jnb3
cisco ios 15.3\\(3\\)ja9
cisco ios 15.0\\(2\\)se3
cisco ios 15.2\\(2\\)e
cisco ios 12.2\\(55\\)se5
cisco ios 15.0\\(2\\)ey
cisco ios 15.3\\(3\\)jbb6a
cisco ios 15.0\\(2\\)se
cisco ios 12.2\\(55\\)se8
cisco ios 15.2\\(1\\)ey
cisco ios 12.2\\(50\\)se1
cisco ios 12.2\\(52\\)se
cisco ios 12.2\\(50\\)se5
cisco ios 12.2\\(46\\)se1
cisco ios 15.3\\(3\\)jbb
cisco ios 15.3\\(3\\)jnc
cisco ios 15.0\\(2\\)se4
cisco ios 15.3\\(3\\)ja77
cisco ios 15.0\\(2\\)ey1
cisco ios 15.0\\(1\\)ey1
cisco ios 15.3\\(3\\)jax2
cisco ios 15.3\\(3\\)jb75
cisco ios 15.3\\(3\\)ja1m
cisco ios 15.3\\(3\\)jnb
cisco ios 15.3\\(3\\)jnp1
cisco ios 12.2\\(44\\)ex
cisco ios 12.2\\(50\\)se3
cisco ios 12.2\\(55\\)se4
cisco ios 15.2\\(2\\)e1
cisco ios 12.2\\(50\\)se4
cisco ios 15.3\\(3\\)jbb4
cisco ios 15.0\\(2\\)se5
cisco ios 15.0\\(2\\)ey3
cisco ios 15.2\\(3\\)ea
cisco ios 15.0\\(2\\)se1
cisco ios 12.2\\(44\\)ex1
cisco ios 12.2\\(55\\)se7
cisco ios 15.3\\(3\\)jbb1
cisco ios 15.3\\(3\\)jbb50
cisco ios 15.3\\(3\\)jax1
cisco ios 15.3\\(3\\)ja8
cisco ios 12.2\\(46\\)se2
cisco ios 15.0\\(2\\)se9
cisco ios 15.3\\(3\\)jnp
cisco ios 15.0\\(1\\)ey
cisco ios 12.2\\(55\\)se
cisco ios 15.3\\(3\\)ja5
cisco ios 15.3\\(3\\)jbb8
cisco ios 15.0\\(1\\)ey2
cisco ios 15.3\\(3\\)jn4
cisco ios 15.3\\(3\\)ja
cisco ios 15.3\\(3\\)jnb1
cisco ios 12.2\\(52\\)se1
cisco ios 12.2\\(55\\)se10
cisco ios 15.3\\(3\\)ja1
cisco ios 15.3\\(3\\)jb
cisco ios 15.3\\(3\\)ja1n
cisco ios 12.2\\(50\\)se2
cisco ios 12.2\\(50\\)se
cisco ios 15.3\\(3\\)jab
cisco ios 12.2\\(55\\)se6
cisco ios 15.3\\(3\\)jbb2
cisco ios 15.3\\(3\\)jax
cisco ios 15.3\\(3\\)ja4
cisco ios 15.3\\(3\\)jn8
cisco ios 15.3\\(3\\)jnc1
cisco ios 12.2\\(58\\)se2
cisco ios 12.2\\(46\\)se
cisco ios 15.3\\(3\\)jn3
cisco ios 12.2\\(55\\)se9
cisco ios 15.0\\(2\\)eb
cisco ios 15.0\\(2\\)se2
cisco ios 15.0\\(2\\)se7
cisco ios 12.2\\(55\\)se3
cisco ios 15.2\\(2\\)e2
cisco ios 15.0\\(2\\)ey2
cisco ios 15.3\\(3\\)ja7
cisco ios 15.3\\(3\\)jbb5
cisco ios 15.0\\(2\\)se6
cisco ios 15.3\\(3\\)jnb2
cisco ios 15.3\\(3\\)jbb6
cisco ios 15.3\\(3\\)jn7
cisco ios 15.3\\(3\\)jaa
cisco ios 15.2\\(2\\)e4
cisco ios 15.3\\(3\\)jc

A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device An attacker could exploit this vulnerability by ...

CWE-399 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip http://www.securityfocus.com/bid/93197 http://www.securitytracker.com/id/1036914 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip

Get Started

CVE-2016-6391

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect