CVE-2016-6398

MEDIUM

Cisco IOS <15.5(3)M - Info Disclosure

Title source: llm
STIX 2.1

Description

The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92734
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036732

Scores

CVSS v3 5.3
EPSS 0.0126
EPSS Percentile 66.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
cisco/ios 15.5\(3\)m
Published Sep 12, 2016
Tracked Since Feb 18, 2026