CVE Vulnerabilities

CVE-2016-1349

Published: Mar 26, 2016 | Modified: Dec 03, 2016
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

Affected Software

Name Vendor Start Version End Version
Ios_xe Cisco 3.4sg_3.4.2sg 3.4sg_3.4.2sg
Ios_xe Cisco 3.4sg_3.4.6sg 3.4sg_3.4.6sg
Ios_xe Cisco 3.5e_3.5.2e 3.5e_3.5.2e
Ios_xe Cisco 3.5e_3.5.1e 3.5e_3.5.1e
Ios_xe Cisco 3.6e_3.6.2e 3.6e_3.6.2e
Ios_xe Cisco 3.6e_3.6.1e 3.6e_3.6.1e
X14j_firmware Samsung t-ms14jakucb-1102.5 t-ms14jakucb-1102.5
Ios_xe Cisco 3.3se_3.3.1se 3.3se_3.3.1se
Ios_xe Cisco 3.6e_3.6.0e 3.6e_3.6.0e
Ios_xe Cisco 3.2se_3.2.3se 3.2se_3.2.3se
Ios_xe Cisco 3.4sg_3.4.5sg 3.4sg_3.4.5sg
Ios_xe Cisco 3.4sg_3.4.1sg 3.4sg_3.4.1sg
Ios_xe Cisco 3.3se_3.3.0se 3.3se_3.3.0se
Ios_xe Cisco 3.5e_3.5.3e 3.5e_3.5.3e
Ios_xe Cisco 3.3xo_3.3.0xo 3.3xo_3.3.0xo
Ios_xe Cisco 3.2se_3.2.1se 3.2se_3.2.1se
Opensolaris Sun snv_124 snv_124
Ios_xe Cisco 3.3se_3.3.3se 3.3se_3.3.3se
Ios_xe Cisco 3.7e_3.7.0e 3.7e_3.7.0e
Ios_xe Cisco 3.7e_3.7.1e 3.7e_3.7.1e
Ios_xe Cisco 3.7e_3.7.2e 3.7e_3.7.2e
Ios_xe Cisco 3.2se_3.2.0se 3.2se_3.2.0se
Ios_xe Cisco 3.2ja_3.2.0ja 3.2ja_3.2.0ja
Ios_xe Cisco 3.3xo_3.3.2xo 3.3xo_3.3.2xo
Ios_xe Cisco 3.3se_3.3.2se 3.3se_3.3.2se
Ios_xe Cisco 3.3se_3.3.4se 3.3se_3.3.4se
Ios_xe Cisco 3.6e_3.6.2ae 3.6e_3.6.2ae
Ios_xe Cisco 3.4sg_3.4.3sg 3.4sg_3.4.3sg
Ios_xe Cisco 3.3xo_3.3.1xo 3.3xo_3.3.1xo
Ios_xe Cisco 3.2se_3.2.2se 3.2se_3.2.2se
Ios_xe Cisco 3.5e_3.5.0e 3.5e_3.5.0e
Ios_xe Cisco 3.4sg_3.4.0sg 3.4sg_3.4.0sg
Ios_xe Cisco 3.3se_3.3.5se 3.3se_3.3.5se
Ios_xe Cisco 3.4sg_3.4.4sg 3.4sg_3.4.4sg
Core_i5-9400f_firmware Intel - -
Gs1900-10hp_firmware Zyxel * *
Jr6150_firmware Netgear * *
Keymouse_firmware Zzinc 3.08 3.08

References