Denial of service in Brocade NetIron MLX
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-8203 |
| CWE-ID | CWE-119 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Brocade NetIron MLX Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Brocade |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Denial of service
EUVDB-ID: #VU943
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-8203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to improper input validation. By sending a specially crafted IPSec control packets, attackers are able to trigger a memory corruption error and cause the target MLX Line Card to reset.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
Update to version 5.8.00ec, 5.9.00be or 6.0.00ab.
Vulnerable software versionsBrocade NetIron MLX: 5.8.00e - 6.0.00a
CPE2.3- cpe:2.3:h:brocade:brocade_netiron_mlx:5.8.00e:*:*:*:*:*:*:*
- cpe:2.3:h:brocade:brocade_netiron_mlx:5.9.00bd:*:*:*:*:*:*:*
- cpe:2.3:h:brocade:brocade_netiron_mlx:6.0.00a:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
