CVE-2016-6380

HIGH

Cisco IOS <12.4 & <15.6 - Info Disclosure/DoS

Title source: llm
STIX 2.1

Description

The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036914
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93201

Scores

CVSS v3 8.1
EPSS 0.0301
EPSS Percentile 85.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (50)
cisco/ios 12.0\(3\)t
cisco/ios 12.0\(3\)t1
cisco/ios 12.0\(3\)t2
cisco/ios 12.0\(3\)t3
cisco/ios 12.0\(3\)xe
cisco/ios 12.0\(3\)xe1
cisco/ios 12.0\(3\)xe2
cisco/ios 12.0\(4\)t
cisco/ios 12.0\(4\)t1
cisco/ios 12.0\(4\)xe
... and 40 more
Published Oct 05, 2016
Tracked Since Feb 18, 2026