CVE-2016-1349
HIGHCisco IOS XE 3.2-3.7 and IOS 12.2, 15.0, 15.2 - Denial of Service via Smart Install Image List Parameters
Title source: llmDescription
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035385
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi
Scores
CVSS v3
7.5
EPSS
0.0070
EPSS Percentile
72.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-399
Status
published
Products (38)
cisco/ios_xe
3.2ja_3.2.0ja
cisco/ios_xe
3.2se_3.2.0se
cisco/ios_xe
3.2se_3.2.1se
cisco/ios_xe
3.2se_3.2.2se
cisco/ios_xe
3.2se_3.2.3se
cisco/ios_xe
3.3se_3.3.0se
cisco/ios_xe
3.3se_3.3.1se
cisco/ios_xe
3.3se_3.3.2se
cisco/ios_xe
3.3se_3.3.3se
cisco/ios_xe
3.3se_3.3.4se
... and 28 more
Published
Mar 26, 2016
Tracked Since
Feb 18, 2026