Denial of Service Vulnerability in Cisco IOS and IOS XE Smart Install
CVE-2016-1349

7.5HIGH

Key Information:

Vendor
Cisco
Status
Ios Xe
X14j Firmware
Opensolaris
Core I5-9400f Firmware
Vendor
CVE Published:
26 March 2016

Summary

An identified issue within the Smart Install client of Cisco IOS and IOS XE software permits remote attackers to exploit vulnerabilities via specially crafted image list parameters in a Smart Install packet. This can result in device reloads, interrupting network services and potentially leading to prolonged downtime. It's crucial for organizations using affected versions to review security measures and apply updates to mitigate this risk.

References

http://www.securitytracker.com/id/1035385
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.