CVE-2016-6415
high-risk
Published 2016-09-19
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
Do I need to act?
93.0% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10
High
NETWORK / LOW complexity
Affected Vendors
References (7)
Third Party Advisory
http://www.securityfocus.com/bid/93003
Third Party Advisory
http://www.securitytracker.com/id/1036841
62 / 100
high-risk
Severity
26/34 · High
Exploitability
27/34 · High
Exposure
9/34 · Low