CVE-2016-1409
HIGH EXPLOITED IN THE WILDCisco IOS XE 2.1-3.17S, IOS XR 2.0.0-5.3.2, and NX-OS - Denial of Service via Crafted IPv6 Neighbor Discovery Messages
Title source: llmExploitation Summary
CVE-2016-1409 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.
References (8)
Core 8
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035964
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/90872
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035965
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035962
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036651
Third Party Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-ipv6-en
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035963
Scores
CVSS v3
7.5
EPSS
0.0382
EPSS Percentile
88.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
VulnCheck KEV
2016-05-26
InTheWild.io
2017-08-16
CWE
CWE-20
Status
published
Products (50)
cisco/ios
12.0\(1\)
cisco/ios
12.0\(1\)db
cisco/ios
12.0\(1\)s
cisco/ios
12.0\(1\)t
cisco/ios
12.0\(1\)t1
cisco/ios
12.0\(1\)xa
cisco/ios
12.0\(1\)xa1
cisco/ios
12.0\(1\)xa2
cisco/ios
12.0\(1\)xa3
cisco/ios
12.0\(1\)xa4
... and 40 more
Published
May 29, 2016
Tracked Since
Feb 18, 2026