CVE-2016-6423
medium
CVSS v3: 6.5
CVSS v2: 6.3
VIR risk: 6.5
Description
The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540.
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ios-ikev
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ios-ikev
- http://www.securityfocus.com/bid/93411
- http://www.securitytracker.com/id/1036955
CWEs
CWE-399