// For flags

CVE-2016-6415

Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

La implementación del servidor IKEv1 en Cisco IOS 12.2 hasta la versión 12.4 y 15.0 hasta la versión 15.6, IOS XE hasta la versión 3.18S, IOS XR 4.3.x y 5.0.x hasta la versión 5.2.x y PIX en versiones anteriores a 7.0 permite a atacantes remotos obtener información sensible de la memoria del dispositivo a través de una petición de negociación Security Association (SA), vulnerabilidad también conocida como Bug IDs CSCvb29204 y CSCvb36055 o BENIGNCERTAIN.

Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-07-26 CVE Reserved
  • 2016-09-19 CVE Published
  • 2017-03-17 First Exploit
  • 2023-05-19 Exploited in Wild
  • 2023-06-09 KEV Due Date
  • 2024-08-06 CVE Updated
  • 2024-09-14 EPSS Updated
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
>= 12.2 <= 12.4
Search vendor "Cisco" for product "Ios" and version " >= 12.2 <= 12.4"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
>= 15.0 <= 15.6
Search vendor "Cisco" for product "Ios" and version " >= 15.0 <= 15.6"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
<= 3.18s
Search vendor "Cisco" for product "Ios Xe" and version " <= 3.18s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 4.3.0 <= 4.3.4
Search vendor "Cisco" for product "Ios Xr" and version " >= 4.3.0 <= 4.3.4"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 5.3.0
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 5.3.0"
-
Affected