CVE-2016-6380

high

Description

The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns

http://www.securityfocus.com/bid/93201

http://www.securitytracker.com/id/1036914

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04

Details

Source: MITRE

Published: 2016-10-05

Updated: 2020-09-29

Type: CWE-20

Risk Information

CVSS v2

Base Score: 8.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C

Impact Score: 8.5

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH