Vulnerability Details : CVE-2016-6415
Public exploit exists!
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
Vulnerability category: Information leak
CVE-2016-6415 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker
Notes:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
Added on
2023-05-19
Action due date
2023-06-09
Exploit prediction scoring system (EPSS) score for CVE-2016-6415
Probability of exploitation activity in the next 30 days: 97.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2016-6415
-
Cisco IKE Information Disclosure
Disclosure Date: 2016-09-29First seen: 2020-04-26auxiliary/scanner/ike/cisco_ike_benigncertainA vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential inf
CVSS scores for CVE-2016-6415
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-6415
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6415
-
http://www.securityfocus.com/bid/93003
Multiple Cisco Products CVE-2016-6415 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1036841
Cisco IOS, IOS XE, and IOS XR IKEv1 Processing Flaw Lets Remote Users Obtain Memory Contents on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
IKEv1 Information Disclosure Vulnerability in Multiple Cisco ProductsVendor Advisory
Products affected by CVE-2016-6415
- cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*