CVE-2016-1399 : The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2,

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431.

Published 2016-05-14 01:59:01

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-1399

Cisco » IOS » Version: 15.2(2)ea1
cpe:2.3:o:cisco:ios:15.2\(2\)ea1:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ie-4000-16gt4g-e » Version: N/A
When used together with: Cisco » Ie-4000-16t4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4gc4gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4gs8gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4s8p4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4t4p4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4tc4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gs4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gt4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gt8gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8s4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8t4g-e » Version: N/A
Cisco » IOS » Version: 15.2(2)eb1
cpe:2.3:o:cisco:ios:15.2\(2\)eb1:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ie-5000-12s12p-10g » Version: N/A
When used together with: Cisco » Ie-5000-16s12p » Version: N/A
Cisco » IOS » Version: 15.2(2)eb
cpe:2.3:o:cisco:ios:15.2\(2\)eb:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ie-5000-12s12p-10g » Version: N/A
When used together with: Cisco » Ie-5000-16s12p » Version: N/A
Cisco » IOS » Version: 15.2(2)ea
cpe:2.3:o:cisco:ios:15.2\(2\)ea:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ie-4000-16gt4g-e » Version: N/A
When used together with: Cisco » Ie-4000-16t4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4gc4gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4gs8gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4s8p4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4t4p4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4tc4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gs4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gt4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gt8gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8s4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8t4g-e » Version: N/A
Cisco » IOS » Version: 15.2(4)ea
cpe:2.3:a:cisco:ios:15.2\(4\)ea:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ie-4000-16gt4g-e » Version: N/A
When used together with: Cisco » Ie-4000-16t4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4gc4gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4gs8gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4s8p4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4t4p4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4tc4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gs4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gt4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gt8gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8s4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8t4g-e » Version: N/A
Cisco » IOS » Version: 15.2(2)ea2
cpe:2.3:a:cisco:ios:15.2\(2\)ea2:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ie-4000-16gt4g-e » Version: N/A
When used together with: Cisco » Ie-4000-16t4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4gc4gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4gs8gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4s8p4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4t4p4g-e » Version: N/A
When used together with: Cisco » Ie-4000-4tc4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gs4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gt4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8gt8gp4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8s4g-e » Version: N/A
When used together with: Cisco » Ie-4000-8t4g-e » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2016-1399

EPSS FAQ

1.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-1399

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-1399

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-1399

https://ics-cert.us-cert.gov/advisories/ICSA-16-175-01

Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption Vulnerability | CISA
http://www.securityfocus.com/bid/90665

Cisco Industrial Ethernet 4000 and 5000 Series Switches Remote Security Bypass Vulnerability
http://www.securitytracker.com/id/1035898

Cisco Industrial Ethernet Switch Packet Processing Flaw Lets Remote Users Corrupt Queued Data on the Target System - SecurityTracker
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160513-ies

Cisco Industrial Ethernet 4000 and Ethernet 5000 Series Switches ICMP IPv4 Packet Corruption Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2016-1399

Products affected by CVE-2016-1399

Exploit prediction scoring system (EPSS) score for CVE-2016-1399

CVSS scores for CVE-2016-1399

CWE ids for CVE-2016-1399

References for CVE-2016-1399