Lucene search

CiscoCVE-2016-6441

HistoryNov 03, 2016 - 9:59 p.m.

CVE-2016-6441

2016-11-0321:59:02

CWE-119

cisco

web.nvd.nist.gov

cisco

asr 900

vulnerability

tl1

remote code execution

cisco ios xe

security advisory

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software: 3.17.0S 3.17.1S 3.17.2S 3.18.0S 3.18.1S. More Information: CSCuy15175. Known Affected Releases: 15.6(1)S 15.6(2)S. Known Fixed Releases: 15.6(1)S2.12 15.6(1.17)S0.41 15.6(1.17)SP 15.6(2)SP 16.4(0.183) 16.5(0.10).

Affected configurations

Nvd

Node

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.17.2s

ciscoios_xeMatch3.17s

ciscoios_xeMatch3.18.0s

ciscoios_xeMatch3.18.1s

ciscoios_xeMatch3.18s

VendorProductVersionCPE
ciscoios_xe3.17.0scpe:2.3:o:cisco:ios_xe:3.17.0s:*:*:*:*:*:*:*
ciscoios_xe3.17.1scpe:2.3:o:cisco:ios_xe:3.17.1s:*:*:*:*:*:*:*
ciscoios_xe3.17.2scpe:2.3:o:cisco:ios_xe:3.17.2s:*:*:*:*:*:*:*
ciscoios_xe3.17scpe:2.3:o:cisco:ios_xe:3.17s:*:*:*:*:*:*:*
ciscoios_xe3.18.0scpe:2.3:o:cisco:ios_xe:3.18.0s:*:*:*:*:*:*:*
ciscoios_xe3.18.1scpe:2.3:o:cisco:ios_xe:3.18.1s:*:*:*:*:*:*:*
ciscoios_xe3.18scpe:2.3:o:cisco:ios_xe:3.18s:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.17.0s	cpe:2.3:o:cisco:ios_xe:3.17.0s:::::::*
cisco	ios_xe	3.17.1s	cpe:2.3:o:cisco:ios_xe:3.17.1s:::::::*
cisco	ios_xe	3.17.2s	cpe:2.3:o:cisco:ios_xe:3.17.2s:::::::*
cisco	ios_xe	3.17s	cpe:2.3:o:cisco:ios_xe:3.17s:::::::*
cisco	ios_xe	3.18.0s	cpe:2.3:o:cisco:ios_xe:3.18.0s:::::::*
cisco	ios_xe	3.18.1s	cpe:2.3:o:cisco:ios_xe:3.18.1s:::::::*
cisco	ios_xe	3.18s	cpe:2.3:o:cisco:ios_xe:3.18s:::::::*

CNA Affected

[
  {
    "product": "Cisco IOS XE 3.17 and 3.18",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE 3.17 and 3.18"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94072

www.securitytracker.com/id/1037179

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

Related for CVE-2016-6441