The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
Published 2016-09-19 01:59:06
Updated 2020-06-03 15:33:16
View at NVD,   CVE.org
Vulnerability category: Information leak

Products affected by CVE-2016-6415

CVE-2016-6415 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker
Notes:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1; https://nvd.nist.gov/vuln/detail/CVE-2016-6415
Added on 2023-05-19 Action due date 2023-06-09

Exploit prediction scoring system (EPSS) score for CVE-2016-6415

97.26%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2016-6415

  • Cisco IKE Information Disclosure
    Disclosure Date: 2016-09-29
    First seen: 2020-04-26
    auxiliary/scanner/ike/cisco_ike_benigncertain
    A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential inf

CVSS scores for CVE-2016-6415

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
NIST

CWE ids for CVE-2016-6415

References for CVE-2016-6415

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!