CVE-2016-1349

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
ciscoios_xe
3.2ja_3.2.0ja:ja_3.2
ciscoios_xe
3.2se_3.2.0se:se_3.2
ciscoios_xe
3.2se_3.2.1se:se_3.2
ciscoios_xe
3.2se_3.2.2se:se_3.2
ciscoios_xe
3.2se_3.2.3se:se_3.2
ciscoios_xe
3.3se_3.3.0se:se_3.3
ciscoios_xe
3.3se_3.3.1se:se_3.3
ciscoios_xe
3.3se_3.3.2se:se_3.3
ciscoios_xe
3.3se_3.3.3se:se_3.3
ciscoios_xe
3.3se_3.3.4se:se_3.3
ciscoios_xe
3.3se_3.3.5se:se_3.3
ciscoios_xe
3.3xo_3.3.0xo:xo_3.3
ciscoios_xe
3.3xo_3.3.1xo:xo_3.3
ciscoios_xe
3.3xo_3.3.2xo:xo_3.3
ciscoios_xe
3.4sg_3.4.0sg:sg_3.4
ciscoios_xe
3.4sg_3.4.1sg:sg_3.4
ciscoios_xe
3.4sg_3.4.2sg:sg_3.4
ciscoios_xe
3.4sg_3.4.3sg:sg_3.4
ciscoios_xe
3.4sg_3.4.4sg:sg_3.4
ciscoios_xe
3.4sg_3.4.5sg:sg_3.4
ciscoios_xe
3.4sg_3.4.6sg:sg_3.4
ciscoios_xe
3.5e_3.5.0e:e_3.5
ciscoios_xe
3.5e_3.5.1e:e_3.5
ciscoios_xe
3.5e_3.5.2e:e_3.5
ciscoios_xe
3.5e_3.5.3e:e_3.5
ciscoios_xe
3.6e_3.6.0e:e_3.6
ciscoios_xe
3.6e_3.6.1e:e_3.6
ciscoios_xe
3.6e_3.6.2ae:e_3.6
ciscoios_xe
3.6e_3.6.2e:e_3.6
ciscoios_xe
3.7e_3.7.0e:e_3.7
ciscoios_xe
3.7e_3.7.1e:e_3.7
ciscoios_xe
3.7e_3.7.2e:e_3.7
intelcore_i5-9400f_firmware
-
netgearjr6150_firmware
𝑥
< 2017-01-06
zyxelgs1900-10hp_firmware
𝑥
< 2.50\(aazi.0\)c0
zzinckeymouse_firmware
3.08
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi
http://www.securitytracker.com/id/1035385
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi
http://www.securitytracker.com/id/1035385