Sign-up

ID

VAR-201609-0310


CVE

CVE-2016-6399


TITLE

Cisco ACE30 Application Control Engine Modules and ACE 4700 Application Control Engine Service disruption on the appliance (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-004639

DESCRIPTION

Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvb16317

Trust: 1.98

sources: NVD: CVE-2016-6399 // JVNDB: JVNDB-2016-004639 // BID: 92867 // VULHUB: VHN-95219

AFFECTED PRODUCTS

vendor:ciscomodel:ace application control engine module a5scope:eqversion:1.2

Trust: 1.6

vendor:ciscomodel:ace application control engine module a5scope:eqversion:3.1b

Trust: 1.6

vendor:ciscomodel:ace application control engine module a5scope:eqversion:2.0

Trust: 1.6

vendor:ciscomodel:ace application control engine module a5scope:eqversion:3.0

Trust: 1.6

vendor:ciscomodel:ace application control engine module a5scope:eqversion:3.1a

Trust: 1.6

vendor:ciscomodel:ace application control engine module a5scope:eqversion:2.1

Trust: 1.6

vendor:ciscomodel:ace application control engine module a5scope:eqversion:3.2

Trust: 1.6

vendor:ciscomodel:ace application control engine module a5scope:eqversion:2.1e

Trust: 1.6

vendor:ciscomodel:ace application control engine module a5scope:eqversion:3.3

Trust: 1.6

vendor:ciscomodel:ace application control engine module a4scope:eqversion:2.1a

Trust: 1.6

vendor:ciscomodel:ace 4700 series application control engine appliance a3scope:eqversion:1.0

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliancescope:eqversion:a5\(2.0\)

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a1scope:eqversion:8.0

Trust: 1.0

vendor:ciscomodel:ace application control engine module a5scope:eqversion:1.1

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a1scope:eqversion:8.0a

Trust: 1.0

vendor:ciscomodel:ace application control engine module a3scope:eqversion:2.4

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a1scope:eqversion:7b

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a3scope:eqversion:2.4

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliancescope:eqversion:a5\(1.1\)

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliancescope:eqversion:a5\(2.1e\)

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliancescope:eqversion:a5_base

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a4scope:eqversion:2.3

Trust: 1.0

vendor:ciscomodel:ace application control engine module a4scope:eqversion:1.0

Trust: 1.0

vendor:ciscomodel:ace application control engine module a3scope:eqversion:2.3

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliancescope:eqversion:a5\(1.2\)

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a1scope:eqversion:7

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a4scope:eqversion:2.1a

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a3scope:eqversion:2.3

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliancescope:eqversion:a5\(2.1\)

Trust: 1.0

vendor:ciscomodel:ace application control engine module a3scope:eqversion:2.5

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a4scope:eqversion:2.0

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a5scope:eqversion:3.2

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a5scope:eqversion:3.3

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a3scope:eqversion:2.5

Trust: 1.0

vendor:ciscomodel:ace application control engine module a3scope:eqversion:2.0

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliancescope:eqversion:a5\(1.0\)

Trust: 1.0

vendor:ciscomodel:ace application control engine module a1scope:eqversion:7a

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a5scope:eqversion:3.1a

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a3scope:eqversion:2.0

Trust: 1.0

vendor:ciscomodel:ace application control engine module a5scope:eqversion:1.0

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a4scope:eqversion:1.1

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a4scope:eqversion:2.2

Trust: 1.0

vendor:ciscomodel:ace application control engine module a4scope:eqversion:2.3

Trust: 1.0

vendor:ciscomodel:ace application control engine module a3scope:eqversion:2.2

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a3scope:eqversion:2.2

Trust: 1.0

vendor:ciscomodel:ace application control engine module a3scope:eqversion:2.6

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a1scope:eqversion:7a

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a3scope:eqversion:2.6

Trust: 1.0

vendor:ciscomodel:ace application control engine module a4scope:eqversion:2.0

Trust: 1.0

vendor:ciscomodel:ace application control engine module a3scope:eqversion:2.7

Trust: 1.0

vendor:ciscomodel:ace application control engine module a1scope:eqversion:8.0

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a3scope:eqversion:2.7

Trust: 1.0

vendor:ciscomodel:ace application control engine module a1scope:eqversion:8.0a

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a5scope:eqversion:3.1b

Trust: 1.0

vendor:ciscomodel:ace application control engine module a4scope:eqversion:2.2

Trust: 1.0

vendor:ciscomodel:ace application control engine module a4scope:eqversion:1.1

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliancescope:eqversion:a5\(3.0\)

Trust: 1.0

vendor:ciscomodel:ace application control engine module a1scope:eqversion:7b

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine appliance a4scope:eqversion:1.0

Trust: 1.0

vendor:ciscomodel:ace application control engine module a3scope:eqversion:1.0

Trust: 1.0

vendor:ciscomodel:ace 4700 series application control engine the appliance softwarescope:lteversion:a5 3.3

Trust: 0.8

vendor:ciscomodel:application control engine modulescope:lteversion:ace30 a5 3.3

Trust: 0.8

vendor:ciscomodel:ace30 application control engine modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ace application control enginescope:eqversion:47100

Trust: 0.3

vendor:ciscomodel:ace30 application control engine module a5scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ace application control engine a5scope:neversion:4710

Trust: 0.3

sources: BID: 92867 // JVNDB: JVNDB-2016-004639 // CNNVD: CNNVD-201609-127 // NVD: CVE-2016-6399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6399
value: HIGH

Trust: 1.0

NVD: CVE-2016-6399
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201609-127
value: HIGH

Trust: 0.6

VULHUB: VHN-95219
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6399
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95219
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6399
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95219 // JVNDB: JVNDB-2016-004639 // CNNVD: CNNVD-201609-127 // NVD: CVE-2016-6399

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-95219 // JVNDB: JVNDB-2016-004639 // NVD: CVE-2016-6399

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-127

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201609-127

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004639

PATCH
title:cisco-sa-20160908-aceurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160908-ace
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-004639

EXTERNAL IDS
db:NVDid:CVE-2016-6399
Trust: 2.8
db:BIDid:92867
Trust: 2.0
db:SECTRACKid:1036748
Trust: 1.1
db:JVNDBid:JVNDB-2016-004639
Trust: 0.8
db:NSFOCUSid:34781
Trust: 0.6
db:CNNVDid:CNNVD-201609-127
Trust: 0.6
db:VULHUBid:VHN-95219
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95219 // 
            
            
            
            BID: 92867 // 
            
            
            
            JVNDB: JVNDB-2016-004639 // 
            
            
            
            CNNVD: CNNVD-201609-127 // 
            
            
            
            NVD: CVE-2016-6399

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160908-ace
Trust: 2.0
url:http://www.securityfocus.com/bid/92867
Trust: 1.7
url:http://www.securitytracker.com/id/1036748
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6399
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6399
Trust: 0.8
url:http://www.nsfocus.net/vulndb/34781
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-95219 // 
            
            
            
            BID: 92867 // 
            
            
            
            JVNDB: JVNDB-2016-004639 // 
            
            
            
            CNNVD: CNNVD-201609-127 // 
            
            
            
            NVD: CVE-2016-6399

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 92867 // 
            
            
            
            CNNVD: CNNVD-201609-127

SOURCES
db:VULHUBid:VHN-95219
db:BIDid:92867
db:JVNDBid:JVNDB-2016-004639
db:CNNVDid:CNNVD-201609-127
db:NVDid:CVE-2016-6399

LAST UPDATE DATE
2025-04-13T23:41:57.253000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95219date:2016-11-28T00:00:00
db:BIDid:92867date:2016-11-24T02:04:00
db:JVNDBid:JVNDB-2016-004639date:2016-09-14T00:00:00
db:CNNVDid:CNNVD-201609-127date:2016-09-13T00:00:00
db:NVDid:CVE-2016-6399date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-95219date:2016-09-12T00:00:00
db:BIDid:92867date:2016-09-08T00:00:00
db:JVNDBid:JVNDB-2016-004639date:2016-09-14T00:00:00
db:CNNVDid:CNNVD-201609-127date:2016-09-09T00:00:00
db:NVDid:CVE-2016-6399date:2016-09-12T10:59:11.507