Vulnerability in Cisco Ios_xe
CVE-2016-1344
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
EPSS: 0.028 (86.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Cisco Ios_xe — versions 3.3s_3.3.0s, 3.3s_3.3.1s, 3.3s_3.3.2s
- Lenovo Thinkcentre_e75s_firmware
- Netgear Jr6150_firmware
- Samsung X14j_firmware — versions t-ms14jakucb-1102.5
- Sun Opensolaris — versions snv_124
- Zyxel Gs1900-10hp_firmware
- Zzinc Keymouse_firmware — versions 3.08
- N/a — versions n/a
Weakness classification (CWE)
References
- 20160323 Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 1035382 (vdb-entry, x_refsource_SECTRACK)
- 85311 (vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2016-1344?
- CVE-2016-1344 is a medium-severity vulnerability in Cisco Ios_xe, classified under CWE-399. CVSS score: 5.9/10. Published 2016-03-26.
- How severe is CVE-2016-1344?
- Medium severity. CVSS v3 base score is 5.9 out of 10.