Vulnerability Details : CVE-2016-6422
Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806.
Vulnerability category: Input validation
Products affected by CVE-2016-6422
- cpe:2.3:o:cisco:ios:12.2\(33\)sxj9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6422
- 0.30%: Probability of exploitation activity in the next 30 days
- ~ 65%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6422
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-6422
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6422
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst
  Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability (Mitigation; Vendor Advisory)
- http://www.securityfocus.com/bid/93404
  Cisco Catalyst 6500 Series Switches and 7600 Series Routers Information Disclosure Vulnerability
- http://www.securitytracker.com/id/1036954
  Cisco IOS Lets Remote Users Bypass Port Access Controls on the Target System - SecurityTracker