CVE-2016-6401

low-risk
Published 2016-09-17

Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.

Do I need to act?

-
0.28% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
ADJACENT_NETWORK / HIGH complexity

Affected Products (2)

Carrier Routing System
Carrier Routing System

Affected Vendors

Cisco

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securityfocus.com/bid/92964
http://www.securitytracker.com/id/1036830
Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securityfocus.com/bid/92964
http://www.securitytracker.com/id/1036830
22
/ 100
low-risk
Severity 14/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low