CVE-2016-1459

Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:S/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp	Vendor Advisory
http://www.securityfocus.com/bid/91800
http://www.securitytracker.com/id/1036321
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp	Vendor Advisory
http://www.securityfocus.com/bid/91800
http://www.securitytracker.com/id/1036321

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:12.4\(4\)xc7:::::::*
	cpe:2.3:o:cisco:ios:12.4\(15\)t17:::::::*
	cpe:2.3:o:cisco:ios:12.4\(19a\):::::::*
	cpe:2.3:o:cisco:ios:12.4\(22\)yb2:::::::*
	cpe:2.3:o:cisco:ios:12.4\(24\)gc4:::::::*
	cpe:2.3:o:cisco:ios:12.4\(24\)gc5:::::::*
	cpe:2.3:o:cisco:ios:15.0\(1\)ex:::::::*
	cpe:2.3:o:cisco:ios:15.0\(1\)m:::::::*
	cpe:2.3:o:cisco:ios:15.0\(1\)m9:::::::*
	cpe:2.3:o:cisco:ios:15.0\(1\)m10:::::::*
	cpe:2.3:o:cisco:ios:15.0\(1\)s:::::::*
	cpe:2.3:o:cisco:ios:15.0\(1\)sy:::::::*
	cpe:2.3:o:cisco:ios:15.0\(2\)sg:::::::*
	cpe:2.3:o:cisco:ios:15.1\(3\)t4:::::::*
	cpe:2.3:o:cisco:ios:15.1\(4\)gc2:::::::*
	cpe:2.3:o:cisco:ios:15.1\(4\)m10:::::::*
	cpe:2.3:o:cisco:ios:15.2\(3\)t4:::::::*
	cpe:2.3:o:cisco:ios:15.2\(4\)gc3:::::::*
	cpe:2.3:o:cisco:ios:15.2\(4\)m10:::::::*
	cpe:2.3:o:cisco:ios:15.3\(2\)t4:::::::*
	cpe:2.3:o:cisco:ios:15.3\(3\)m:::::::*
	cpe:2.3:o:cisco:ios:15.3\(3\)m7:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t4:::::::*
	cpe:2.3:o:cisco:ios:15.4\(3\)m5:::::::*
	cpe:2.3:o:cisco:ios:15.5\(2\)t3:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m3:::::::*
	cpe:2.3:o:cisco:ios_xe:3.13.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.13.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.13.4s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.13.5s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.14.0s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.14.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.14.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.14.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.14.4s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.15.1cs:::::::*
	cpe:2.3:o:cisco:ios_xe:3.15.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.15.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.16.0cs:::::::*
	cpe:2.3:o:cisco:ios_xe:3.16.1as:::::::*
	cpe:2.3:o:cisco:ios_xe:3.16.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.16.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.17.0s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.17.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.17.2s:::::::*

History

21 Nov 2024, 02:46

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/91800 -~~	() http://www.securityfocus.com/bid/91800 -
References	~~() http://www.securitytracker.com/id/1036321 -~~	() http://www.securitytracker.com/id/1036321 -

Information

Published : 2016-07-17 22:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-1459

Mitre link : CVE-2016-1459

CVE.ORG link : CVE-2016-1459

JSON object : View

Products Affected

cisco

ios_xe
ios

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2016-1459", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2016-07-17T22:59:03.303", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.securityfocus.com/bid/91800", "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id/1036321", "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/91800", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1036321", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061."}, {"lang": "es", "value": "Cisco IOS 12.4 y 15.0 hasta la versi\u00f3n 15.5 y IOS XE 3.13 hasta la versi\u00f3n 3.17 permiten a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s de atributos manipulados en un mensaje BGP, tambi\u00e9n conocido como Bug ID CSCuz21061."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.4\\(4\\)xc7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C689450-7C7D-4A66-AD17-FC78F676F95B"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(15\\)t17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "665B295C-D387-4156-A6B4-FEF772A2F0B6"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(19a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D78695B-9F7C-43DC-BA66-7A25129A798C"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(22\\)yb2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFD42A62-01A9-476A-A299-8AFAE0AC9A03"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(24\\)gc4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5528533C-7248-4BF3-952B-C58D0DD7CEE7"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(24\\)gc5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19106ACC-FA7B-4B97-918F-5D14F2A710C2"}, {"criteria": "cpe:2.3:o:cisco:ios:15.0\\(1\\)ex:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "189B0C7C-D794-43EB-A6C6-F29C4B9623A0"}, {"criteria": "cpe:2.3:o:cisco:ios:15.0\\(1\\)m:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B97701A6-F7AE-4D14-A5C1-8F7743256766"}, {"criteria": "cpe:2.3:o:cisco:ios:15.0\\(1\\)m9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "049F7107-B407-4F99-8688-738AF3AF4CBB"}, {"criteria": "cpe:2.3:o:cisco:ios:15.0\\(1\\)m10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97EC3675-6213-4AA2-9C91-73A89AD7D98C"}, {"criteria": "cpe:2.3:o:cisco:ios:15.0\\(1\\)s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9B9B664-5B90-4F3A-BD6C-33F0AAC75CEE"}, {"criteria": "cpe:2.3:o:cisco:ios:15.0\\(1\\)sy:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3048FEB4-3269-4EE1-88B5-0AA3E681402B"}, {"criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "815EAC82-48B1-47A2-80D7-8CEE806E4B9C"}, {"criteria": "cpe:2.3:o:cisco:ios:15.1\\(3\\)t4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75634752-042C-4E27-972E-E0D5DCD38BE0"}, {"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)gc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B082C941-CE02-440F-8DD7-87873504B964"}, {"criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)m10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B990E413-C863-4613-803F-1E492982C70C"}, {"criteria": "cpe:2.3:o:cisco:ios:15.2\\(3\\)t4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A597644C-023A-4EA0-99CC-2EBCF1FBB382"}, {"criteria": "cpe:2.3:o:cisco:ios:15.2\\(4\\)gc3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF10596D-457A-4DA8-8037-5E92E1D39232"}, {"criteria": "cpe:2.3:o:cisco:ios:15.2\\(4\\)m10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0322D5E9-FE05-49EF-A210-A276D69B9F16"}, {"criteria": "cpe:2.3:o:cisco:ios:15.3\\(2\\)t4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BF7DF14-DD6F-4D24-8F12-AAB145FBDB41"}, {"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E0A47B7-5AD3-4B4C-A2FD-4EE0381B3FCE"}, {"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)m7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "496E2D60-AEEF-4D34-ABE4-9A9B101643D0"}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02866AED-A1B4-4D89-A11F-27089EF935BE"}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B8FB86F-2A89-413B-BED7-97E3D392804E"}, {"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E"}, {"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09CD336D-1110-4B0C-B8D4-7C96293CBADE"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.13.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E50FF89-8E71-4EA0-9AEC-2F800ED9D995"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.13.3s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F6E9386-30B4-4E86-9676-E7E005274048"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.13.4s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E70C455-E41C-4B17-847A-5F4281139252"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.13.5s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64A07329-3A7D-4483-AE69-4786FEB23D92"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.14.0s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD803F59-1CD2-4CA9-9EB1-3CC4ABCD9547"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.14.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9247665-BBE7-4DEF-B97B-4981A0EA5CE4"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.14.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E61E0102-B9B6-41F4-9041-0A5F144D849A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.14.3s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "579C9E7F-6AE4-4DF5-ABCF-DB390E4669E6"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.14.4s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A076E1F-3457-410A-8AB6-64416ECB20A7"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.1cs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EEAB7F8-EAB5-4E7A-8A1B-38EC16D601FB"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BFE916-916F-4936-A331-21A0E8193920"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.3s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0EC9A19-26E6-4E69-B4E7-852CB6327EAD"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.0cs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5568EABF-8F43-4A87-8DE4-A03E9065BE53"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.1as:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC72AA6D-9E18-49F7-95CA-A4A5D7A60E4E"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970FD986-6D0E-441C-9BF3-C66A25763A7A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.3s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1826C997-6D5D-480E-A12E-3048B6C61216"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.0s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12793F39-13C4-4DBC-9B78-FE361BDDF89D"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "876767C7-0196-4226-92B1-DDE851B53655"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0141D67B-632F-48ED-8837-4CC799616C57"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}

5.3 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2016-1459

5.3^/10

4.9^/10

Attach tags to `CVE-2016-1459`