CVE-2016-6380

high

Description

The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04

http://www.securitytracker.com/id/1036914

http://www.securityfocus.com/bid/93201

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns

Details

Source: Mitre, NVD

Published: 2016-10-05

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High