CVE-2016-1346 - Vulnerability Details - OpenCVE

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Telepresence Server Mse 8710
Dell	Emc Powerscale Onefs
Netgear	Jr6150 Firmware
Samsung	X14j Firmware
Zyxel	Gs1900-10hp Firmware
Zzinc	Keymouse Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:::::::*
	cpe:2.3:o:netgear:jr6150_firmware::::::::
	cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:::::::*
	cpe:2.3:o:zyxel:gs1900-10hp_firmware::::::::
	cpe:2.3:o:zzinc:keymouse_firmware:3.08:::::windows::

cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts
http://www.securitytracker.com/id/1035499

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2016-04-06T23:00:00

Updated: 2024-08-05T22:55:14.178Z

Reserved: 2016-01-04T00:00:00

Link: CVE-2016-1346

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-04-06T23:59:13.740

Modified: 2024-11-21T02:46:13.650

Link: CVE-2016-1346

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-30T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20160406 Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts"}, {"name": "1035499", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035499"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1346", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160406 Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts"}, {"name": "1035499", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035499"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.178Z"}, "title": "CVE Program Container", "references": [{"name": "20160406 Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts"}, {"name": "1035499", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035499"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1346", "datePublished": "2016-04-06T23:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.178Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF89B320-6D5A-4E46-A1FA-FCDB31F325C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF8ACF6-2BDF-49C2-B92F-2207D83664BF", "versionEndExcluding": "2017-01-06", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true}, {"criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*", "matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673."}, {"lang": "es", "value": "El kernel en Cisco TelePresence Server 3.0 hasta la versi\u00f3n 4.2(4.18) en dispositivos Mobility Services Engine (MSE) 8710 permite a atacantes remotos causar una denegaci\u00f3n de servicio (p\u00e1nico y reinicio) a trav\u00e9s de una secuencia de paquetes IPv6 manipulada, tambi\u00e9n conocido como Bug ID CSCuu46673."}], "id": "CVE-2016-1346", "lastModified": "2024-11-21T02:46:13.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-06T23:59:13.740", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035499"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035499"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}