CVE-2016-6441

{"id": "CVE-2016-6441", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-11-03T21:59:02.967", "references": [{"url": "http://www.securityfocus.com/bid/94072", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1037179", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software: 3.17.0S 3.17.1S 3.17.2S 3.18.0S 3.18.1S. More Information: CSCuy15175. Known Affected Releases: 15.6(1)S 15.6(2)S. Known Fixed Releases: 15.6(1)S2.12 15.6(1.17)S0.41 15.6(1.17)SP 15.6(2)SP 16.4(0.183) 16.5(0.10)."}, {"lang": "es", "value": "Una vulnerabilidad en el c\u00f3digo Transaction Language 1 (TL1) de routers Cisco ASR 900 Series podr\u00eda permitir a un atacante remoto no autenticado provocar un reinicio de, o ejecuci\u00f3n remota de c\u00f3digo en, el sistema afectado. Esta vulnerabilidad afecta a Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903 y ASR907) que est\u00e1n ejecutando las siguientes versiones de Cisco IOS XE Software: 3.17.0S 3.17.1S 3.17.2S 3.18.0S 3.18.1S. M\u00e1s informaci\u00f3n: CSCuy15175. Lanzamientos conocidos afectados: 15.6(1)S 15.6(2)S. Lanzamientos conocidos solucionados: 15.6(1)S2.12 15.6(1.17)S0.41 15.6(1.17)SP 15.6(2)SP 16.4(0.183) 16.5(0.10)."}], "lastModified": "2017-07-29T01:34:18.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.0s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12793F39-13C4-4DBC-9B78-FE361BDDF89D"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "876767C7-0196-4226-92B1-DDE851B53655"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0141D67B-632F-48ED-8837-4CC799616C57"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C61D3C1-3A56-49B3-BF68-6E103C5654AA"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.18.0s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE81AA43-88D4-4EFC-B8F6-A41EFF437819"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.18.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BEBCBF7-D1CF-488F-BB3E-F864F901A96A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.18s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C875016-4D4C-4E24-ADB2-2D767CD77EE1"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}