Description
The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036914
Various Sources x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93201
Scores
CVSS v3
8.1
EPSS
0.0301
EPSS Percentile
85.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (50)
cisco/ios
12.0\(3\)t
cisco/ios
12.0\(3\)t1
cisco/ios
12.0\(3\)t2
cisco/ios
12.0\(3\)t3
cisco/ios
12.0\(3\)xe
cisco/ios
12.0\(3\)xe1
cisco/ios
12.0\(3\)xe2
cisco/ios
12.0\(4\)t
cisco/ios
12.0\(4\)t1
cisco/ios
12.0\(4\)xe
... and 40 more
Published
Oct 05, 2016
Tracked Since
Feb 18, 2026