vulnerability

Cisco XE: CVE-2016-6415: IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Sep 19, 2016	Jul 30, 2019	Jan 5, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Sep 19, 2016

Added

Jul 30, 2019

Modified

Jan 5, 2024

Description

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

Solution

cisco-xe-upgrade-latest

References

BID-93003
CVE-2016-6415
https://attackerkb.com/topics/CVE-2016-6415
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today