CVE-2016-6385

Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
ciscoios
12.2\(35\)ex
ciscoios
12.2\(35\)ex1
ciscoios
12.2\(35\)ex2
ciscoios
12.2\(35\)se
ciscoios
12.2\(35\)se1
ciscoios
12.2\(35\)se2
ciscoios
12.2\(35\)se3
ciscoios
12.2\(35\)se4
ciscoios
12.2\(35\)se5
ciscoios
12.2\(37\)ex
ciscoios
12.2\(37\)ey
ciscoios
12.2\(37\)se
ciscoios
12.2\(37\)se1
ciscoios
12.2\(40\)ex
ciscoios
12.2\(40\)ex1
ciscoios
12.2\(40\)ex2
ciscoios
12.2\(40\)ex3
ciscoios
12.2\(40\)se
ciscoios
12.2\(40\)se1
ciscoios
12.2\(40\)se2
ciscoios
12.2\(44\)ex
ciscoios
12.2\(44\)ex1
ciscoios
12.2\(44\)ey
ciscoios
12.2\(44\)se
ciscoios
12.2\(44\)se1
ciscoios
12.2\(44\)se2
ciscoios
12.2\(44\)se3
ciscoios
12.2\(44\)se4
ciscoios
12.2\(44\)se5
ciscoios
12.2\(44\)se6
ciscoios
12.2\(46\)ex
ciscoios
12.2\(46\)ey
ciscoios
12.2\(46\)se
ciscoios
12.2\(46\)se1
ciscoios
12.2\(46\)se2
ciscoios
12.2\(50\)se
ciscoios
12.2\(50\)se1
ciscoios
12.2\(50\)se2
ciscoios
12.2\(50\)se3
ciscoios
12.2\(50\)se4
ciscoios
12.2\(50\)se5
ciscoios
12.2\(52\)ex
ciscoios
12.2\(52\)ex1
ciscoios
12.2\(52\)se
ciscoios
12.2\(52\)se1
ciscoios
12.2\(53\)ex
ciscoios
12.2\(53\)ey
ciscoios
12.2\(53\)ez
ciscoios
12.2\(53\)se
ciscoios
12.2\(53\)se1
ciscoios
12.2\(53\)se2
ciscoios
12.2\(54\)se
ciscoios
12.2\(55\)ex
ciscoios
12.2\(55\)ex1
ciscoios
12.2\(55\)ex2
ciscoios
12.2\(55\)ex3
ciscoios
12.2\(55\)ey
ciscoios
12.2\(55\)ez
ciscoios
12.2\(55\)se
ciscoios
12.2\(55\)se1
ciscoios
12.2\(55\)se2
ciscoios
12.2\(55\)se3
ciscoios
12.2\(55\)se4
ciscoios
12.2\(55\)se5
ciscoios
12.2\(55\)se6
ciscoios
12.2\(55\)se7
ciscoios
12.2\(55\)se8
ciscoios
12.2\(55\)se9
ciscoios
12.2\(55\)se10
ciscoios
12.2\(58\)ex
ciscoios
12.2\(58\)ey
ciscoios
12.2\(58\)ey1
ciscoios
12.2\(58\)ey2
ciscoios
12.2\(58\)ez
ciscoios
12.2\(58\)se
ciscoios
12.2\(58\)se1
ciscoios
12.2\(58\)se2
ciscoios
12.2\(60\)ez
ciscoios
12.2\(60\)ez1
ciscoios
12.2\(60\)ez2
ciscoios
12.2\(60\)ez3
ciscoios
12.2\(60\)ez4
ciscoios
12.2\(60\)ez5
ciscoios
12.2\(60\)ez6
ciscoios
12.2\(60\)ez7
ciscoios
12.2\(60\)ez8
ciscoios
15.0\(1\)ex
ciscoios
15.0\(1\)ey
ciscoios
15.0\(1\)ey1
ciscoios
15.0\(1\)ey2
ciscoios
15.0\(1\)se
ciscoios
15.0\(1\)se1
ciscoios
15.0\(1\)se2
ciscoios
15.0\(1\)se3
ciscoios
15.0\(2\)eb
ciscoios
15.0\(2\)ec
ciscoios
15.0\(2\)ed
ciscoios
15.0\(2\)ed1
ciscoios
15.0\(2\)eh
ciscoios
15.0\(2\)ej
ciscoios
15.0\(2\)ej1
ciscoios
15.0\(2\)ek
ciscoios
15.0\(2\)ek1
ciscoios
15.0\(2\)ex
ciscoios
15.0\(2\)ex1
ciscoios
15.0\(2\)ex2
ciscoios
15.0\(2\)ex3
ciscoios
15.0\(2\)ex4
ciscoios
15.0\(2\)ex5
ciscoios
15.0\(2\)ex8
ciscoios
15.0\(2\)ex10
ciscoios
15.0\(2\)ey
ciscoios
15.0\(2\)ey1
ciscoios
15.0\(2\)ey2
ciscoios
15.0\(2\)ey3
ciscoios
15.0\(2\)ez
ciscoios
15.0\(2\)se
ciscoios
15.0\(2\)se1
ciscoios
15.0\(2\)se2
ciscoios
15.0\(2\)se3
ciscoios
15.0\(2\)se4
ciscoios
15.0\(2\)se5
ciscoios
15.0\(2\)se6
ciscoios
15.0\(2\)se7
ciscoios
15.0\(2\)se9
ciscoios
15.0\(2a\)ex5
ciscoios
15.0\(2a\)se9
ciscoios
15.1\(2\)sg
ciscoios
15.1\(2\)sg1
ciscoios
15.1\(2\)sg2
ciscoios
15.1\(2\)sg3
ciscoios
15.1\(2\)sg4
ciscoios
15.1\(2\)sg5
ciscoios
15.1\(2\)sg6
ciscoios
15.1\(2\)sg7
ciscoios
15.2\(1\)e
ciscoios
15.2\(1\)e1
ciscoios
15.2\(1\)e2
ciscoios
15.2\(1\)e3
ciscoios
15.2\(1\)ey
ciscoios
15.2\(2\)e
ciscoios
15.2\(2\)e1
ciscoios
15.2\(2\)e2
ciscoios
15.2\(2\)e4
ciscoios
15.2\(2\)eb
ciscoios
15.2\(2\)eb1
ciscoios
15.2\(2\)eb2
ciscoios
15.2\(2a\)e1
ciscoios
15.2\(3\)e
ciscoios
15.2\(3\)e1
ciscoios
15.2\(3\)e2
ciscoios
15.2\(3\)e3
ciscoios
15.2\(3a\)e
ciscoios
15.2\(3m\)e2
ciscoios
15.2\(3m\)e3
ciscoios
15.2\(4\)e
ciscoios
15.2\(4\)e1
ciscoios
15.2\(4m\)e1
ciscoios_xe
3.2.0ja:ja
ciscoios_xe
3.2.0se:se
ciscoios_xe
3.2.1se:se
ciscoios_xe
3.2.2se:se
ciscoios_xe
3.2.3se:se
ciscoios_xe
3.3.0se:se
ciscoios_xe
3.3.0xo:xo
ciscoios_xe
3.3.1se:se
ciscoios_xe
3.3.1xo:xo
ciscoios_xe
3.3.2se:se
ciscoios_xe
3.3.2xo:xo
ciscoios_xe
3.3.3se:se
ciscoios_xe
3.3.4se:se
ciscoios_xe
3.3.5se:se
ciscoios_xe
3.5.0e:e
ciscoios_xe
3.5.1e:e
ciscoios_xe
3.5.2e:e
ciscoios_xe
3.5.3e:e
ciscoios_xe
3.6.0e:e
ciscoios_xe
3.6.1e:e
ciscoios_xe
3.6.2ae:ae
ciscoios_xe
3.6.2e:e
ciscoios_xe
3.6.3e:e
ciscoios_xe
3.6.4e:e
ciscoios_xe
3.7.0e:e
ciscoios_xe
3.7.1e:e
ciscoios_xe
3.7.2e:e
ciscoios_xe
3.7.3e:e
ciscoios_xe
3.7.5e:e
ciscoios_xe
3.8.0e:e
ciscoios_xe
3.8.1e:e
ciscoios_xe
3.8.2e:e
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi
http://www.securityfocus.com/bid/93203
http://www.securitytracker.com/id/1036914
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi
http://www.securityfocus.com/bid/93203
http://www.securitytracker.com/id/1036914
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04