Denial of Service Issue in Cisco IOS Software for IKEv2 Implementation
CVE-2016-1344

5.9MEDIUM

Key Information:

Vendor
Cisco
Status
Ios Xe
X14j Firmware
Opensolaris
Gs1900-10HP Firmware
Vendor
CVE Published:
26 March 2016

Summary

A vulnerability in the Internet Key Exchange version 2 (IKEv2) implementation of Cisco IOS software allows attackers to remotely trigger a denial of service. By sending specially crafted fragmented packets, an attacker can cause affected devices to reload, interrupting network services and potentially impacting connected users. This issue primarily affects Cisco IOS versions 15.0 through 15.6 and IOS XE 3.3 through 3.17.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1035382
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/85311
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.