CVE-2016-1370

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-1370
Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime3 Vendor Advisory
http://www.securitytracker.com/id/1036016 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:network_analysis_module_software:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:network_analysis_module_software:4.1.0:*:*:*:*:*:*:*
cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2016-06-03 02:01

Updated : 2023-12-10 11:46

NVD link : CVE-2016-1370

Mitre link : CVE-2016-1370

CVE.ORG link : CVE-2016-1370

JSON object : View

Products Affected

cisco

  • network_analysis_module_software
  • network_analysis_module
CWE
CWE-20

Improper Input Validation