Main Vulnerability Database Vulnerabilities #VU15

#VU15 Double free error - CVE-2016-1428

Published: June 21, 2016 / Updated: October 5, 2016

Vulnerability identifier: #VU15

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-1428

CWE-ID: CWE-415

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:

Software vendor:

Description

The vulnerability allows a remote attacker to restart vulnerable device.

The vulnerability exists due to A remote authenticated user can cause the target device to a double free error when handling SNMP requests. A remote authenticated attacker can send an SNMP request containing certain criteria for a specific object ID (OID) and cause the target device to restart.

Successful exploitation of this vulnerability will result in denial of service.

Remediation

Patch for this vulnerability ia available through the Cisco Bug Search Tool.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-iosxe