What is CVE-2016-6457?

CVE-2016-6457 is a medium-severity vulnerability in Cisco Application_policy_infrastructure_controller, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 6.5/10. Published 2016-11-19.

How severe is CVE-2016-6457?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Buffer overflow in Cisco Application_policy_infrastructure_controller

CVE-2016-6457

A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This…

Vulnerability class: Buffer Overflow

EPSS: 0.004 (58.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cisco Application_policy_infrastructure_controller — versions 1.2\(2\), 1.2\(3\), 1.3\(1\)
Cisco Nexus_92160yc-x
Cisco Nexus_92304qc
Cisco Nexus_9236c
Cisco Nexus_9272q
Cisco Nexus_93108tc-ex
Cisco Nexus_93120tx
Cisco Nexus_93128tx
Cisco Nexus_93180yc-ex
Cisco Nexus_9332pq

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

94077 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
psirt@cisco.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
1037185 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-6457?: CVE-2016-6457 is a medium-severity vulnerability in Cisco Application_policy_infrastructure_controller, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 6.5/10. Published 2016-11-19.
How severe is CVE-2016-6457?: Medium severity. CVSS v3 base score is 6.5 out of 10.