Vulnerability Name:

CVE-2016-9216 (CCN-120941)

Assigned:2016-11-06
Published:2017-01-18
Updated:2017-02-11
Summary:An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135.
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2016-9216

Source: BID
Type: Third Party Advisory, VDB Entry
95629

Source: CCN
Type: BID-95629
Cisco ASR 5000 Series Software CVE-2016-9216 Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1037652

Source: XF
Type: UNKNOWN
cisco-cve20169216-dos(120941)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20170118-asr
Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:asr_5000_series_software:20.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:20.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:20.0.1.a0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:20.0.1.v0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:20.0.m0.62842:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:20.0.m0.63229:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:20.0.v0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:asr_5000_series_software:21.0.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:asr_5000_series:16.4.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco asr 5000 series software 20.0.0
    cisco asr 5000 series software 20.0.1.0
    cisco asr 5000 series software 20.0.1.a0
    cisco asr 5000 series software 20.0.1.v0
    cisco asr 5000 series software 20.0.m0.62842
    cisco asr 5000 series software 20.0.m0.63229
    cisco asr 5000 series software 20.0.v0
    cisco asr 5000 series software 21.0.0
    cisco asr 5000 series 16.4.1