Sign-up

ID

VAR-201609-0319


CVE

CVE-2016-6409


TITLE

Cisco IOS and IOS XE Software Data in Motion Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-08200 // CNNVD: CNNVD-201609-506

DESCRIPTION

The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015. Vendors have confirmed this vulnerability Bug ID CSCuy54015 It is released as.Service disruption through crafted traffic from a third party ( Off-boundary access ) There is a possibility of being put into a state. Cisco IOS and IOSXE are operating systems developed by Cisco for its network devices. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuy54015. Cisco IOS and IOS XE Software are vulnerable. Data in Motion (DMo) application is one of the dynamic data update tools

Trust: 2.52

sources: NVD: CVE-2016-6409 // JVNDB: JVNDB-2016-004899 // CNVD: CNVD-2016-08200 // BID: 93094 // VULHUB: VHN-95229

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-08200

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t

Trust: 1.6

vendor:ciscomodel:ios xescope: - version: -

Trust: 1.4

vendor:ciscomodel:iosscope:eqversion:15.6(1)t

Trust: 0.8

vendor:ciscomodel:ios 15.6 tscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2016-08200 // BID: 93094 // JVNDB: JVNDB-2016-004899 // CNNVD: CNNVD-201609-506 // NVD: CVE-2016-6409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6409
value: HIGH

Trust: 1.0

NVD: CVE-2016-6409
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-08200
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-506
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95229
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6409
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08200
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95229
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6409
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-08200 // VULHUB: VHN-95229 // JVNDB: JVNDB-2016-004899 // CNNVD: CNNVD-201609-506 // NVD: CVE-2016-6409

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-95229 // JVNDB: JVNDB-2016-004899 // NVD: CVE-2016-6409

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-506

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201609-506

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004899

PATCH
title:cisco-sa-20160921-dmourl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-dmo
Trust: 0.8
title:CiscoIOS and IOSXESoftwareDatainMotion Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/81801
Trust: 0.6
title:Cisco IOS  and IOS XE Software Data in Motion Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64243
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-08200 // 
            
            
            
            JVNDB: JVNDB-2016-004899 // 
            
            
            
            CNNVD: CNNVD-201609-506

EXTERNAL IDS
db:NVDid:CVE-2016-6409
Trust: 3.4
db:BIDid:93094
Trust: 2.6
db:SECTRACKid:1036875
Trust: 1.1
db:JVNDBid:JVNDB-2016-004899
Trust: 0.8
db:CNNVDid:CNNVD-201609-506
Trust: 0.7
db:CNVDid:CNVD-2016-08200
Trust: 0.6
db:VULHUBid:VHN-95229
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-08200 // 
            
            
            
            VULHUB: VHN-95229 // 
            
            
            
            BID: 93094 // 
            
            
            
            JVNDB: JVNDB-2016-004899 // 
            
            
            
            CNNVD: CNNVD-201609-506 // 
            
            
            
            NVD: CVE-2016-6409

REFERENCES
url:http://www.securityfocus.com/bid/93094
Trust: 2.3
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160921-dmo
Trust: 2.0
url:http://www.securitytracker.com/id/1036875
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6409
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6409
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-08200 // 
            
            
            
            VULHUB: VHN-95229 // 
            
            
            
            BID: 93094 // 
            
            
            
            JVNDB: JVNDB-2016-004899 // 
            
            
            
            CNNVD: CNNVD-201609-506 // 
            
            
            
            NVD: CVE-2016-6409

CREDITS
Cisco.
Trust: 0.9
sources:
            
            
            BID: 93094 // 
            
            
            
            CNNVD: CNNVD-201609-506

SOURCES
db:CNVDid:CNVD-2016-08200
db:VULHUBid:VHN-95229
db:BIDid:93094
db:JVNDBid:JVNDB-2016-004899
db:CNNVDid:CNNVD-201609-506
db:NVDid:CVE-2016-6409

LAST UPDATE DATE
2025-04-12T23:18:38.478000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-08200date:2016-09-27T00:00:00
db:VULHUBid:VHN-95229date:2017-07-30T00:00:00
db:BIDid:93094date:2016-09-23T00:00:00
db:JVNDBid:JVNDB-2016-004899date:2016-09-28T00:00:00
db:CNNVDid:CNNVD-201609-506date:2016-09-26T00:00:00
db:NVDid:CVE-2016-6409date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-08200date:2016-09-27T00:00:00
db:VULHUBid:VHN-95229date:2016-09-24T00:00:00
db:BIDid:93094date:2016-09-21T00:00:00
db:JVNDBid:JVNDB-2016-004899date:2016-09-28T00:00:00
db:CNNVDid:CNNVD-201609-506date:2016-09-22T00:00:00
db:NVDid:CVE-2016-6409date:2016-09-24T01:59:01.650