CVE-2016-1409

HIGH EXPLOITED IN THE WILD

Cisco IOS XE 2.1-3.17S, IOS XR 2.0.0-5.3.2, and NX-OS - Denial of Service via Crafted IPv6 Neighbor Discovery Messages

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2016-1409 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035964
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/90872
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035965
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035962
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036651
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035963

Scores

CVSS v3 7.5
EPSS 0.0382
EPSS Percentile 88.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

VulnCheck KEV 2016-05-26
InTheWild.io 2017-08-16
CWE
CWE-20
Status published
Products (50)
cisco/ios 12.0\(1\)
cisco/ios 12.0\(1\)db
cisco/ios 12.0\(1\)s
cisco/ios 12.0\(1\)t
cisco/ios 12.0\(1\)t1
cisco/ios 12.0\(1\)xa
cisco/ios 12.0\(1\)xa1
cisco/ios 12.0\(1\)xa2
cisco/ios 12.0\(1\)xa3
cisco/ios 12.0\(1\)xa4
... and 40 more
Published May 29, 2016
Tracked Since Feb 18, 2026