vulnerability

Cisco IOS: CVE-2016-6415: IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Sep 16, 2016	Sep 19, 2016	Apr 22, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Sep 16, 2016

Added

Sep 19, 2016

Modified

Apr 22, 2024

Description

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

Solution

cisco-ios-upgrade-latest

References

BID-93003
CVE-2016-6415
https://attackerkb.com/topics/CVE-2016-6415
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today