CVE-2016-2783

CRITICAL

Avaya Fabric Connect Virtual Services Platform - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2783. PoCs published by iknowjason.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2016-2783, which targets a Shortest Path Bridging (SPB) vulnerability. The script spoofs L2 ping packets with crafted triple dot1q VLANs and i-sid values to trigger the vulnerability.

Description

Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.

Exploits (1)

nomisec WORKING POC 2 stars
by iknowjason · poc
https://github.com/iknowjason/spb

This repository contains a functional exploit PoC for CVE-2016-2783, which targets a Shortest Path Bridging (SPB) vulnerability. The script spoofs L2 ping packets with crafted triple dot1q VLANs and i-sid values to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Shortest Path Bridging (SPB) implementations
No auth needed
Prerequisites: Network access to the target SPB device · Scapy library installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92157

Scores

CVSS v3 9.8
EPSS 0.0255
EPSS Percentile 85.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-19
Status published
Products (2)
avaya/vsp_operating_system_software 5.0.0.0
avaya/vsp_operating_system_software < 4.2.2.0
Published Jan 23, 2017
Tracked Since Feb 18, 2026