Security restrictions bypass in Cisco IOS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-6438 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Cisco IOS Operating systems & Components / Operating system |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security restrictions bypass
EUVDB-ID: #VU942
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-6438
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause a configuration integrity change on the target device.
The vulnerability is due to a logic processing error. As the affected device is configured with the Downstream Resiliency and Downstream Resiliency Bonding Group features attackers can establish Telnet or SSH connections and trigger an integrity issue with the vty line configuration.
Successful exploitation of the vulnerability will result in a configuration integrity change to the vty line configuration.
Update to fixed versions
15.6(1.7)SP1;
16.4(0.183);
16.5(0.1).
Cisco IOS: 15.5.3 S2.9 - 15.6.2 SP
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
