Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1347 (GCVE-0-2016-1347)
Vulnerability from cvelistv5 – Published: 2016-03-24 22:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160323 Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"name": "1035380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160323 Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"name": "1035380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035380"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160323 Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"name": "1035380",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035380"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1347",
"datePublished": "2016-03-24T22:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1347
Vulnerability from fstec - Published: 25.03.2016
VLAI Severity ?
Title
Уязвимость операционной системы Cisco IOS, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость реализации Wide Area Application Services Express операционной системы Cisco IOS связана с ошибками управления ресурсом. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании (перезагрузка устройства) при помощи специально сформированного TCP-сегмента
Severity ?
Vendor
Cisco Systems Inc.
Software Name
Cisco IOS
Software Version
от 15.1 до 15.5 включительно (Cisco IOS)
Possible Mitigations
Информация по устранению уязвимости будет доступна по адресу: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f
Reference
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f
CWE
CWE-399
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 15.1 \u0434\u043e 15.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Cisco IOS)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0443\u0434\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.03.2016",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.04.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-00876",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-1347",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c (CWE-399)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 Wide Area Application Services Express \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (\u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430) \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e TCP-\u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-399",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
FKIE_CVE-2016-1347
Vulnerability from fkie_nvd - Published: 2016-03-24 22:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios | 15.1\(4\)gc2 | |
| cisco | ios | 15.1\(4\)m6 | |
| cisco | ios | 15.1\(4\)xb4 | |
| cisco | ios | 15.1\(4\)xb5 | |
| cisco | ios | 15.1\(4\)xb5a | |
| cisco | ios | 15.1\(4\)xb6 | |
| cisco | ios | 15.1\(4\)xb7 | |
| cisco | ios | 15.1\(4\)xb8 | |
| cisco | ios | 15.1\(4\)xb8a | |
| cisco | ios | 15.2\(4\)jaz1 | |
| cisco | ios | 15.2\(4\)m7 | |
| cisco | ios | 15.3\(1\)t2 | |
| cisco | ios | 15.3\(3\)jaa1 | |
| cisco | ios | 15.3\(3\)m | |
| cisco | ios | 15.3\(3\)m3 | |
| cisco | ios | 15.3\(3\)m4 | |
| cisco | ios | 15.3\(3\)m6 | |
| cisco | ios | 15.4\(1\)t | |
| cisco | ios | 15.4\(1\)t1 | |
| cisco | ios | 15.4\(1\)t2 | |
| cisco | ios | 15.4\(2\)t | |
| cisco | ios | 15.4\(2\)t1 | |
| cisco | ios | 15.4\(2\)t2 | |
| cisco | ios | 15.4\(2\)t3 | |
| cisco | ios | 15.4\(2\)t4 | |
| cisco | ios | 15.4\(3\)m | |
| cisco | ios | 15.4\(3\)m1 | |
| cisco | ios | 15.4\(3\)m2 | |
| cisco | ios | 15.4\(3\)m3 | |
| cisco | ios | 15.5\(2\)t1 | |
| cisco | ios | 15.5\(2\)t2 | |
| cisco | ios | 15.5\(2\)t3 | |
| cisco | ios | 15.5\(3\)m |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)gc2:*:*:*:*:*:*:*",
"matchCriteriaId": "B082C941-CE02-440F-8DD7-87873504B964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "B770E747-517E-42FE-9197-8E654F294B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6836A1-5F15-44E2-AA5E-4CD0DDDB9692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb5:*:*:*:*:*:*:*",
"matchCriteriaId": "B59E042B-9A4B-4959-9B6A-FBDF431EB3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb5a:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBB1846-D09A-4F66-AD7F-45A2236D8839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb6:*:*:*:*:*:*:*",
"matchCriteriaId": "75A272B8-DC6C-4D40-9C21-FFBC6BDFE836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb7:*:*:*:*:*:*:*",
"matchCriteriaId": "064E2B27-4067-49EF-A95A-8BC49E05662E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb8:*:*:*:*:*:*:*",
"matchCriteriaId": "4035C938-2BAB-43C1-8302-8F22D4D3D0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb8a:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC3BEF0-8E19-4464-92B5-2C6521AE126C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(4\\)jaz1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4358B9-F3DB-46AC-A3A8-114E25F676DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(4\\)m7:*:*:*:*:*:*:*",
"matchCriteriaId": "96FDDD94-40C9-47F0-9D43-0C0267F439C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.3\\(1\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6ED45F-4479-445D-8970-F90413C51B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0A47B7-5AD3-4B4C-A2FD-4EE0381B3FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B828AA0-E0B2-4897-AF28-FC80B9FF81BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "9279A96A-43B2-4FD4-97F0-DA331EACF918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "7855CC38-5E3E-486D-9322-7BF0DC1FF623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B856BB-0FFE-4A92-9CE7-D71B6C611CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EE552E-226C-46DE-9861-CB148AD8FB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF02C8E-9BB2-4DC2-8BF1-932835191F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t:*:*:*:*:*:*:*",
"matchCriteriaId": "74E1226B-46CF-4C82-911A-86C818A75DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t1:*:*:*:*:*:*:*",
"matchCriteriaId": "100DA24F-464E-4273-83DF-6428D0ED6641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "063C0C47-25EB-4AA4-9332-8E43CD60FF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6004A94-FF96-4A34-B3CC-D4B4E555CFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t4:*:*:*:*:*:*:*",
"matchCriteriaId": "02866AED-A1B4-4D89-A11F-27089EF935BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "1C85BAAF-819B-40E7-9099-04AA8D9AB114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED684DB4-527A-4268-B197-4719B0178429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "88F41406-0F55-4D74-A4F6-4ABD5A803907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "7082C083-7517-4CD4-BF95-CC7AF08D4053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5D3761-16C8-413A-89AD-C076B9B92FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "F690BEC9-FAE9-4C02-9993-34BF14FA99EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "716EC9AA-0569-4FA7-A244-1A14FA15C5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de Wide Area Application Services (WAAS) Express en Cisco IOS 15.1 hasta la versi\u00f3n 15.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de un segmento TCP manipulado, tambi\u00e9n conocida como Bug ID CSCuq59708."
}
],
"id": "CVE-2016-1347",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-24T22:59:00.077",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"source": "psirt@cisco.com",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1035380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1035380"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2016-1347
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-1347",
"description": "The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.",
"id": "GSD-2016-1347"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1347"
],
"details": "The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.",
"id": "GSD-2016-1347",
"modified": "2023-12-13T01:21:24.007153Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160323 Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"name": "1035380",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035380"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.2\\(4\\)m7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)gc2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.3\\(1\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.2\\(4\\)jaz1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)m6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1\\(4\\)xb8a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1347"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160323 Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"name": "1035380",
"refsource": "SECTRACK",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1035380"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-07-28T15:36Z",
"publishedDate": "2016-03-24T22:59Z"
}
}
}
GHSA-9QWF-M3JP-25JM
Vulnerability from github – Published: 2022-05-17 03:32 – Updated: 2022-05-17 03:32
VLAI?
Details
The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2016-1347"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-03-24T22:59:00Z",
"severity": "HIGH"
},
"details": "The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.",
"id": "GHSA-9qwf-m3jp-25jm",
"modified": "2022-05-17T03:32:06Z",
"published": "2022-05-17T03:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1347"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035380"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2016-01886
Vulnerability from cnvd - Published: 2016-03-28
VLAI Severity ?
Title
Cisco IOS Software Wide Area Application Services Express拒绝服务漏洞
Description
Cisco IOS是美国思科公司为其网络设备开发的操作系统。Cisco Wide Area Application Services Express是Cisco WAAS的一个基于IOS并集成到路由器中提供应用程序加速能力以及降低广域网带宽成本的产品。
Cisco IOS Software Wide Area Application Services Express未能充分验证TCP片段,远程攻击者可通过路由转发特制的TCP片段进行拒绝服务攻击。
Severity
高
Patch Name
Cisco IOS Software Wide Area Application Services Express拒绝服务漏洞的补丁
Patch Description
Cisco IOS是美国思科公司为其网络设备开发的操作系统。Cisco Wide Area Application Services Express是Cisco WAAS的一个基于IOS并集成到路由器中提供应用程序加速能力以及降低广域网带宽成本的产品。
Cisco IOS Software Wide Area Application Services Express未能充分验证TCP片段,远程攻击者可通过路由转发特制的TCP片段进行拒绝服务攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f
Impacted products
| Name | Cisco IOS 15.1-15.5 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-1347"
}
},
"description": "Cisco IOS\u662f\u7f8e\u56fd\u601d\u79d1\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Cisco Wide Area Application Services Express\u662fCisco WAAS\u7684\u4e00\u4e2a\u57fa\u4e8eIOS\u5e76\u96c6\u6210\u5230\u8def\u7531\u5668\u4e2d\u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u52a0\u901f\u80fd\u529b\u4ee5\u53ca\u964d\u4f4e\u5e7f\u57df\u7f51\u5e26\u5bbd\u6210\u672c\u7684\u4ea7\u54c1\u3002\r\n\r\nCisco IOS Software Wide Area Application Services Express\u672a\u80fd\u5145\u5206\u9a8c\u8bc1TCP\u7247\u6bb5\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8def\u7531\u8f6c\u53d1\u7279\u5236\u7684TCP\u7247\u6bb5\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
"discovererName": "Cisco",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01886",
"openTime": "2016-03-28",
"patchDescription": "Cisco IOS\u662f\u7f8e\u56fd\u601d\u79d1\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Cisco Wide Area Application Services Express\u662fCisco WAAS\u7684\u4e00\u4e2a\u57fa\u4e8eIOS\u5e76\u96c6\u6210\u5230\u8def\u7531\u5668\u4e2d\u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u52a0\u901f\u80fd\u529b\u4ee5\u53ca\u964d\u4f4e\u5e7f\u57df\u7f51\u5e26\u5bbd\u6210\u672c\u7684\u4ea7\u54c1\u3002\r\n\r\nCisco IOS Software Wide Area Application Services Express\u672a\u80fd\u5145\u5206\u9a8c\u8bc1TCP\u7247\u6bb5\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8def\u7531\u8f6c\u53d1\u7279\u5236\u7684TCP\u7247\u6bb5\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco IOS Software Wide Area Application Services Express\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Cisco IOS 15.1-15.5"
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f",
"serverity": "\u9ad8",
"submitTime": "2016-03-26",
"title": "Cisco IOS Software Wide Area Application Services Express\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
CERTFR-2016-AVI-107
Vulnerability from certfr_avis - Published: 2016-03-24 - Updated: 2016-03-24
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IOS XE | Produits Cisco exécutant Cisco IOS ou IOS XE, voir sur le site du constructeur pour vérifier si votre système est vulnérable (lien fourni dans la rubrique Documentation) | ||
| Cisco | IOS | Produits Cisco exécutant Cisco IOS avec WAAS Express configuré sur une ou plusieurs interfaces sans fil, voir sur le site du constructeur pour vérifier si votre système est vulnérable (lien fourni dans la rubrique Documentation) | ||
| Cisco | N/A | Produits Cisco exécutant Cisco IOS, IOS XE ou Cisco Unified Communications Manager Software, configurés pour traiter les messages SIP , voir sur le site du constructeur pour vérifier si votre système est vulnérable (lien fourni dans la rubrique Documentation) | ||
| Cisco | IOS XR | Routeurs Cisco Network Convergence System séries 6000 exécutant Cisco IOS XR | ||
| Cisco | NX-OS | Commutateurs Cisco Nexus séries 7000 et 7700 avec un module Gigabit Ethernet série M1 exécutant Cisco NX-OS avec LISP configuré | ||
| Cisco | IOS | Commutateurs Cisco Catalyst séries 6500 et 6800 exécutant Cisco IOS avec LISP configuré |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Produits Cisco ex\u00e9cutant Cisco IOS ou IOS XE, voir sur le site du constructeur pour v\u00e9rifier si votre syst\u00e8me est vuln\u00e9rable (lien fourni dans la rubrique Documentation)",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Produits Cisco ex\u00e9cutant Cisco IOS avec WAAS Express configur\u00e9 sur une ou plusieurs interfaces sans fil, voir sur le site du constructeur pour v\u00e9rifier si votre syst\u00e8me est vuln\u00e9rable (lien fourni dans la rubrique Documentation)",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Produits Cisco ex\u00e9cutant Cisco IOS, IOS XE ou Cisco Unified Communications Manager Software, configur\u00e9s pour traiter les messages SIP , voir sur le site du constructeur pour v\u00e9rifier si votre syst\u00e8me est vuln\u00e9rable (lien fourni dans la rubrique Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeurs Cisco Network Convergence System s\u00e9ries 6000 ex\u00e9cutant Cisco IOS XR",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 7000 et 7700 avec un module Gigabit Ethernet s\u00e9rie M1 ex\u00e9cutant Cisco NX-OS avec LISP configur\u00e9",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Catalyst s\u00e9ries 6500 et 6800 ex\u00e9cutant Cisco IOS avec LISP configur\u00e9",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1344"
},
{
"name": "CVE-2016-1366",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1366"
},
{
"name": "CVE-2016-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1350"
},
{
"name": "CVE-2016-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1349"
},
{
"name": "CVE-2016-1348",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1348"
},
{
"name": "CVE-2016-1347",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1347"
},
{
"name": "CVE-2016-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1351"
}
],
"initial_release_date": "2016-03-24T00:00:00",
"last_revision_date": "2016-03-24T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-sip du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-smi du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-l4f du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-dhcpv6 du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-lisp du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-ncs du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-ios-ikev2 du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2"
}
],
"reference": "CERTFR-2016-AVI-107",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-smi du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-dhcpv6 du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-ncs du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-ios-ikev2 du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-lisp du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-l4f du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-sip du 23 mars 2016",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…