Vulnerability Details : CVE-2016-9211
A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2016-9211
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-9211
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-9211
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9211
-
http://www.securitytracker.com/id/1037425
Cisco ONS 15454 Lets Remote Users Cause the Target Controller Card to Reset - SecurityTrackerThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons
Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service VulnerabilityMitigation;Vendor Advisory
-
http://www.securityfocus.com/bid/94795
Cisco ONS 15454 Series Multiservice Provisioning Platforms Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2016-9211
- cpe:2.3:a:cisco:ons_15454_sdh_multiservice_platform_software:10.51.0:*:*:*:*:*:*:*