CVE-2016-1350

high-risk

Published 2016-03-26

Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

Do I need to act?

2.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (18)

Ios Xe

Thinkcentre E75S Firmware

Ios Xe

X14J Firmware

Opensolaris

Gs1900-10Hp Firmware

Keymouse Firmware

Affected Vendors

Sun Lenovo Cisco Samsung Zyxel Zzinc

References (8)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/85372

http://www.securitytracker.com/id/1035420

http://www.securitytracker.com/id/1035421

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/85372

http://www.securitytracker.com/id/1035420

http://www.securitytracker.com/id/1035421

/ 100

high-risk

Severity 26/34 · High

Exploitability 6/34 · Minimal

Exposure 19/34 · Moderate