
    Vulnerability Summary for CVE-2016-1350

     

    Original release date: 03/25/2016

    Last revised: 03/28/2016

    Source: US-CERT/NIST

     

    Overview

    Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

     

    Impact

    CVSS Severity (version 3.0):

    CVSS v3 Base Score: 7.5 High

    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Impact Score: 3.6

    Exploitability Score: 3.9

     

    CVSS Version 3 Metrics:

    Attack Vector (AV): Network

    Attack Complexity (AC): Low

    Privileges Required (PR): None

    User Interaction (UI): None

    Scope (S): Unchanged

    Confidentiality (C): None

    Integrity (I): None

    Availability (A): High

     

    CVSS Severity (version 2.0):

    CVSS v2 Base Score: 7.8 HIGH

    Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

    Impact Subscore: 6.9

    Exploitability Subscore: 10.0

     

    CVSS Version 2 Metrics:

    Access Vector: Network exploitable

    Access Complexity: Low

    Authentication: Not required to exploit

    Impact Type: Allows disruption of service

     

    References to Advisories, Solutions, and Tools


     

    External Source: CISCO

    Name: 20160323 Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability

    Type: Advisory

    Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip

     

    Vulnerable software and versions

    Configuration 1 (OR)

    * cpe:/o:cisco:ios_xe:3.9.0as

    * cpe:/o:cisco:ios_xe:3.9.1as

    * cpe:/o:cisco:ios_xe:3.10.1xbs

    * cpe:/o:cisco:ios_xe:3.11.0s

    * cpe:/o:cisco:ios_xe:3.9.2s

    * cpe:/o:cisco:ios_xe:3.10.2s

    * cpe:/o:cisco:ios_xe:3.10.1s

    * cpe:/o:cisco:ios_xe:3.10.0s

    * cpe:/o:cisco:ios_xe:3.9.0s

    * cpe:/o:cisco:ios_xe:3.9.1s

    * cpe:/o:cisco:ios_xe:3.8.2s

    * cpe:/o:cisco:ios_xe:3.8.1s

    * cpe:/o:cisco:ios_xe:3.8.0s

    * cpe:/o:cisco:ios:15.4%5c%282%5c%29cg

    * cpe:/o:cisco:ios:15.4%5c%281%5c%29t1

    * cpe:/o:cisco:ios:15.4%5c%281%5c%29cg

    * cpe:/o:cisco:ios:15.3%5c%282%5c%29t4

    * cpe:/o:cisco:ios:15.3%5c%283%5c%29m2

    * cpe:/o:cisco:ios:15.3%5c%283%5c%29m1

    * cpe:/o:cisco:ios:15.4%5c%282%5c%29t

    * cpe:/o:cisco:ios:15.3%5c%282%5c%29t3

    * cpe:/o:cisco:ios:15.3%5c%282%5c%29s2

    * cpe:/o:cisco:ios:15.3%5c%282%5c%29s0a

    * cpe:/o:cisco:ios:15.3%5c%282%5c%29t2

    * cpe:/o:cisco:ios:15.3%5c%282%5c%29t1

    * cpe:/o:cisco:ios:15.3%5c%281%5c%29t4

    * cpe:/o:cisco:ios:15.3%5c%281%5c%29s1

    * cpe:/o:cisco:ios:15.3%5c%281%5c%29s2

    * cpe:/o:cisco:ios:15.3%5c%281%5c%29t3

    * cpe:/o:cisco:ios:15.3%5c%283%5c%29m

    * cpe:/o:cisco:ios:15.3%5c%281%5c%29t2

    * cpe:/o:cisco:ios:15.3%5c%281%5c%29t1

    * cpe:/o:cisco:ios:15.4%5c%281%5c%29t

    * cpe:/o:cisco:ios:15.3%5c%282%5c%29t

    * cpe:/o:cisco:ios:15.3%5c%281%5c%29t

    * Denotes Vulnerable Software

     

    Technical Details

    Vulnerability Type

    • Resource Management Errors (CWE-399)

    CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1350

     

    Change History: 2 change records found
