var-201612-0160
Vulnerability from variot
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. The Cisco ASR5000 Series Aggregation Services Routers is a set of 9000 Series router devices from Cisco. A remote denial of service vulnerability exists in Cisco ASR5000 Series AggregationServicesRouters. An attacker could exploit this vulnerability to overload an affected device and refuse to provide services to legitimate users. This issue is being tracked by Cisco Bug ID CSCva84552
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "asr 5000 series software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "20.0.0"
},
{
"_id": null,
"model": "asr 5000 series software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "21.0.0"
},
{
"_id": null,
"model": "asr 5000 series software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "21.0.m0.64702"
},
{
"_id": null,
"model": "asr series",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "50000"
},
{
"_id": null,
"model": "asr 5000 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "BID",
"id": "94772"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:asr_5000_series_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_5000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
}
]
},
"credits": {
"_id": null,
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94772"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6467",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6467",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12275",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-95287",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6467",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6467",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6467",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-12275",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-204",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95287",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-6467",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "VULMON",
"id": "CVE-2016-6467"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"description": {
"_id": null,
"data": "A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. The Cisco ASR5000 Series Aggregation Services Routers is a set of 9000 Series router devices from Cisco. A remote denial of service vulnerability exists in Cisco ASR5000 Series AggregationServicesRouters. An attacker could exploit this vulnerability to overload an affected device and refuse to provide services to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCva84552",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6467"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "BID",
"id": "94772"
},
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "VULMON",
"id": "CVE-2016-6467"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-6467",
"trust": 3.5
},
{
"db": "BID",
"id": "94772",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1037416",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12275",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95287",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6467",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "VULMON",
"id": "CVE-2016-6467"
},
{
"db": "BID",
"id": "94772"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"id": "VAR-201612-0160",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "VULHUB",
"id": "VHN-95287"
}
],
"trust": 1.1269730199999999
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
}
]
},
"last_update_date": "2024-11-23T22:30:56.183000Z",
"patch": {
"_id": null,
"data": [
{
"title": "cisco-sa-20161207-asr",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr"
},
{
"title": "CiscoASR5000SeriesAggregationServicesRouters Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/85835"
},
{
"title": "Cisco ASR 5000 Series Aggregation Services Routers Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66245"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/94772"
},
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-asr"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037416"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6467"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6467"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "VULMON",
"id": "CVE-2016-6467"
},
{
"db": "BID",
"id": "94772"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12275",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-95287",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2016-6467",
"ident": null
},
{
"db": "BID",
"id": "94772",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-6467",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12275",
"ident": null
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-95287",
"ident": null
},
{
"date": "2016-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6467",
"ident": null
},
{
"date": "2016-12-07T00:00:00",
"db": "BID",
"id": "94772",
"ident": null
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006306",
"ident": null
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-204",
"ident": null
},
{
"date": "2016-12-14T00:59:06.203000",
"db": "NVD",
"id": "CVE-2016-6467",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12275",
"ident": null
},
{
"date": "2017-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-95287",
"ident": null
},
{
"date": "2017-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6467",
"ident": null
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94772",
"ident": null
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006306",
"ident": null
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-204",
"ident": null
},
{
"date": "2024-11-21T02:56:11.380000",
"db": "NVD",
"id": "CVE-2016-6467",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Cisco ASR 5000 Series Aggregation Services Routers Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
],
"trust": 1.2
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.