Improper input validation - CVE-2016-1459

 

Published: July 18, 2016 / Updated: November 22, 2018


Vulnerability identifier: #VU163
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-1459
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote attacker to cause the target system to reload.

The vulnerability exists due to improper processing of crafted BGP attributes. A remote authenticated attacker can cause the target system to reload by sending a specially crafted Border Gateway Protocol (BGP) message, which may trigger a BGP attribute processing flaw.
All versions of Cisco IOS and IOS XE Software that support BGP are affected.

Successful exploitation of this vulnerability may result in denial of service.

How to mitigate CVE-2016-1459

A patch for this vulnerability is available through the Cisco Bug Search Tool.
