Sign-up

ID

VAR-201609-0311


CVE

CVE-2016-6401


TITLE

Cisco Carrier Routing System Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-07729 // CNNVD: CNNVD-201609-323

DESCRIPTION

Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494. Vendors have confirmed this vulnerability Bug ID CSCva32494 It is released as.Skillfully crafted by a third party IPv6-over-MPLS Service disruption via packets ( Reload line card ) There is a possibility of being put into a state. Cisco CarrierRoutingSystem (CRS) is a carrier-class routing system from Cisco. A remote attacker could exploit the vulnerability by sending a specially crafted IPv6-over-MPLS packet to cause a denial of service (line-card overload). This issue is being tracked by Cisco Bug ID CSCva32494

Trust: 2.52

sources: NVD: CVE-2016-6401 // JVNDB: JVNDB-2016-004799 // CNVD: CNVD-2016-07729 // BID: 92964 // VULHUB: VHN-95221

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07729

AFFECTED PRODUCTS

vendor:ciscomodel:carrier routing systemscope:eqversion:5.1.4

Trust: 3.0

vendor:ciscomodel:carrier routing systemscope:eqversion:5.1_base

Trust: 1.6

vendor:ciscomodel:carrier routing systemscope:eqversion:5.1

Trust: 1.4

vendor:ciscomodel:ios xr for crs-3scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2016-07729 // BID: 92964 // JVNDB: JVNDB-2016-004799 // CNNVD: CNNVD-201609-323 // NVD: CVE-2016-6401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6401
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6401
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-07729
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-323
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95221
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6401
severity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-07729
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95221
severity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6401
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-07729 // VULHUB: VHN-95221 // JVNDB: JVNDB-2016-004799 // CNNVD: CNNVD-201609-323 // NVD: CVE-2016-6401

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-95221 // JVNDB: JVNDB-2016-004799 // NVD: CVE-2016-6401

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201609-323

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201609-323

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004799

PATCH
title:cisco-sa-20160914-crsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-crs
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-004799

EXTERNAL IDS
db:NVDid:CVE-2016-6401
Trust: 3.4
db:BIDid:92964
Trust: 2.0
db:SECTRACKid:1036830
Trust: 1.1
db:JVNDBid:JVNDB-2016-004799
Trust: 0.8
db:CNNVDid:CNNVD-201609-323
Trust: 0.7
db:CNVDid:CNVD-2016-07729
Trust: 0.6
db:VULHUBid:VHN-95221
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-07729 // 
            
            
            
            VULHUB: VHN-95221 // 
            
            
            
            BID: 92964 // 
            
            
            
            JVNDB: JVNDB-2016-004799 // 
            
            
            
            CNNVD: CNNVD-201609-323 // 
            
            
            
            NVD: CVE-2016-6401

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160914-crs
Trust: 2.6
url:http://www.securityfocus.com/bid/92964
Trust: 1.1
url:http://www.securitytracker.com/id/1036830
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6401
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6401
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps5845/index.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-07729 // 
            
            
            
            VULHUB: VHN-95221 // 
            
            
            
            BID: 92964 // 
            
            
            
            JVNDB: JVNDB-2016-004799 // 
            
            
            
            CNNVD: CNNVD-201609-323 // 
            
            
            
            NVD: CVE-2016-6401

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 92964

SOURCES
db:CNVDid:CNVD-2016-07729
db:VULHUBid:VHN-95221
db:BIDid:92964
db:JVNDBid:JVNDB-2016-004799
db:CNNVDid:CNNVD-201609-323
db:NVDid:CVE-2016-6401

LAST UPDATE DATE
2025-04-13T23:35:03.547000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-07729date:2016-09-20T00:00:00
db:VULHUBid:VHN-95221date:2017-07-30T00:00:00
db:BIDid:92964date:2016-09-14T00:00:00
db:JVNDBid:JVNDB-2016-004799date:2016-09-21T00:00:00
db:CNNVDid:CNNVD-201609-323date:2016-09-18T00:00:00
db:NVDid:CVE-2016-6401date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-07729date:2016-09-20T00:00:00
db:VULHUBid:VHN-95221date:2016-09-17T00:00:00
db:BIDid:92964date:2016-09-14T00:00:00
db:JVNDBid:JVNDB-2016-004799date:2016-09-21T00:00:00
db:CNNVDid:CNNVD-201609-323date:2016-09-18T00:00:00
db:NVDid:CVE-2016-6401date:2016-09-17T02:59:01.617