CVE-2016-6301
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
La función recv_and_process_client_pkt en networking/ntpd.c en busybox permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y ancho de banda) a través de un paquete NTP falsificado, lo que desencadena un bucle de comunicación.
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-07-26 CVE Reserved
- 2016-12-09 CVE Published
- 2019-06-13 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html | X_refsource_misc |
|
| http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2019/Jun/18 | Mailing List |
|
| http://seclists.org/fulldisclosure/2019/Sep/7 | Mailing List |
|
| http://seclists.org/fulldisclosure/2020/Aug/20 | Mailing List |
|
| http://seclists.org/fulldisclosure/2020/Mar/15 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2016/08/03/7 | Mailing List |
|
| http://www.securityfocus.com/bid/92277 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1363710 | Issue Tracking | |
| https://seclists.org/bugtraq/2019/Jun/14 | Mailing List |
|
| https://seclists.org/bugtraq/2019/Sep/7 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/154361 | 2019-09-04 | |
| https://packetstorm.news/files/id/153278 | 2019-06-13 |
| URL | Date | SRC |
|---|---|---|
| https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71 | 2020-08-27 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201701-05 | 2020-08-27 |