ID
VAR-201604-0570
CVE
CVE-2016-1378
TITLE
Cisco Catalyst Switches IOS Software Information Disclosure Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2016-02251 //
CNNVD: CNNVD-201604-288
DESCRIPTION
Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591. Cisco Catalyst Runs on the switch Cisco IOS Contains a vulnerability in which important software version information can be obtained. A remote attacker could exploit the vulnerability by accessing the NetworkMobilityServicesProtocol (NMSP) port to obtain the version of the software running on the device. An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCum62591
Trust: 2.52
sources:
NVD: CVE-2016-1378 //
JVNDB: JVNDB-2016-002107 //
CNVD: CNVD-2016-02251 //
BID: 86033 //
VULHUB: VHN-90197
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-02251
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy2 | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sg1 | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sg2 | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sg1 | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sy | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sy1 | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sg | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy1 | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sg2 | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy | Trust: 1.6 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy3 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sg3 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy7 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sy2 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sy5 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy8 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sg5 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sy4 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sy3 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(1\)sy6 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sg | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sg4 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sg6 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sg7 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy4 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy5 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy4a | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.1\(2\)sy6 | Trust: 1.0 |
| vendor: | cisco | model: | ios | scope: | lt | version: | 15.2(2)e1 (cisco catalyst switch ) | Trust: 0.8 |
| vendor: | cisco | model: | catalyst switches <15.2 e1 | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-02251 //
JVNDB: JVNDB-2016-002107 //
CNNVD: CNNVD-201604-288 //
NVD: CVE-2016-1378
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2016-02251 //
VULHUB: VHN-90197 //
JVNDB: JVNDB-2016-002107 //
CNNVD: CNNVD-201604-288 //
NVD: CVE-2016-1378
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
sources:
VULHUB: VHN-90197 //
JVNDB: JVNDB-2016-002107 //
NVD: CVE-2016-1378
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201604-288
TYPE
information disclosure
Trust: 0.6
sources:
CNNVD: CNNVD-201604-288
CONFIGURATIONS
sources:
JVNDB: JVNDB-2016-002107
PATCH
| title: | cisco-sa-20160413-nms | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms | Trust: 0.8 |
| title: | CiscoCatalystSwitchesIOSSoftware Information Disclosure Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/74234 | Trust: 0.6 |
| title: | Cisco Catalyst Switches IOS Software Repair measures for information disclosure vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60951 | Trust: 0.6 |
sources:
CNVD: CNVD-2016-02251 //
JVNDB: JVNDB-2016-002107 //
CNNVD: CNNVD-201604-288
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-1378 | Trust: 3.4 |
| db: | SECTRACK | id: | 1035566 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-002107 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201604-288 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-02251 | Trust: 0.6 |
| db: | BID | id: | 86033 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-90197 | Trust: 0.1 |
sources:
CNVD: CNVD-2016-02251 //
VULHUB: VHN-90197 //
BID: 86033 //
JVNDB: JVNDB-2016-002107 //
CNNVD: CNNVD-201604-288 //
NVD: CVE-2016-1378
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160413-nms | Trust: 2.3 |
| url: | http://www.securitytracker.com/id/1035566 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1378 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1378 | Trust: 0.8 |
| url: | www.cisco.com | Trust: 0.3 |
sources:
CNVD: CNVD-2016-02251 //
VULHUB: VHN-90197 //
BID: 86033 //
JVNDB: JVNDB-2016-002107 //
CNNVD: CNNVD-201604-288 //
NVD: CVE-2016-1378
CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
BID: 86033
SOURCES
| db: | CNVD | id: | CNVD-2016-02251 |
| db: | VULHUB | id: | VHN-90197 |
| db: | BID | id: | 86033 |
| db: | JVNDB | id: | JVNDB-2016-002107 |
| db: | CNNVD | id: | CNNVD-201604-288 |
| db: | NVD | id: | CVE-2016-1378 |
LAST UPDATE DATE
2025-04-13T23:14:21.101000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-02251 | date: | 2016-04-18T00:00:00 |
| db: | VULHUB | id: | VHN-90197 | date: | 2016-12-03T00:00:00 |
| db: | BID | id: | 86033 | date: | 2016-04-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-002107 | date: | 2016-04-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201604-288 | date: | 2016-04-15T00:00:00 |
| db: | NVD | id: | CVE-2016-1378 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-02251 | date: | 2016-04-18T00:00:00 |
| db: | VULHUB | id: | VHN-90197 | date: | 2016-04-14T00:00:00 |
| db: | BID | id: | 86033 | date: | 2016-04-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-002107 | date: | 2016-04-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201604-288 | date: | 2016-04-14T00:00:00 |
| db: | NVD | id: | CVE-2016-1378 | date: | 2016-04-14T01:59:04.537 |