Vulnerabilities > CVE-2016-6385 - Resource Management Errors vulnerability in Cisco IOS and IOS XE

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

CWE-399

nessus

NVD

Published: 2016-10-05

Updated: 2017-07-30

Summary

Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 15.0\(2\)Ex4 Cisco IOS 12.2\(35\)Se5 Cisco IOS 15.0\(1\)Ey Cisco IOS 12.2\(35\)Ex Cisco IOS 15.0\(2\)Ed1 Cisco IOS 12.2\(55\)Se2 Cisco IOS 12.2\(60\)Ez7 Cisco IOS 12.2\(58\)Ex Cisco IOS 15.2\(3\)E2 Cisco IOS 15.1\(2\)Sg4 Cisco IOS 15.1\(2\)Sg1 Cisco IOS 15.0\(2\)Ey1 Cisco IOS 12.2\(55\)Se1 Cisco IOS 15.0\(2\)Ec Cisco IOS 15.0\(2\)Eh Cisco IOS 12.2\(55\)Se10 Cisco IOS 12.2\(44\)Se3 Cisco IOS 15.2\(3M\)E3 Cisco IOS 12.2\(46\)Se Cisco IOS 15.2\(1\)E2 Cisco IOS 12.2\(44\)Se6 Cisco IOS 12.2\(60\)Ez1 Cisco IOS 12.2\(44\)Ex1 Cisco IOS 12.2\(53\)Ez Cisco IOS 15.0\(2\)Ey Cisco IOS 12.2\(60\)Ez4 Cisco IOS 12.2\(55\)Ex2 Cisco IOS 15.0\(2\)Eb Cisco IOS 12.2\(46\)Se2 Cisco IOS 12.2\(60\)Ez8 Cisco IOS 15.0\(1\)Se1 Cisco IOS 15.0\(2A\)Se9 Cisco IOS 12.2\(54\)Se Cisco IOS 12.2\(50\)Se3 Cisco IOS 15.0\(2\)Ek Cisco IOS 15.2\(2A\)E1 Cisco IOS 12.2\(55\)Se8 Cisco IOS 12.2\(40\)Se Cisco IOS 15.0\(2\)Se4 Cisco IOS 15.0\(2\)Ey2 Cisco IOS 15.2\(2\)E2 Cisco IOS 12.2\(58\)Ey2 Cisco IOS 12.2\(35\)Se Cisco IOS 15.2\(1\)E Cisco IOS 15.2\(3\)E3 Cisco IOS 15.0\(2\)Ex1 Cisco IOS 12.2\(55\)Se9 Cisco IOS 12.2\(55\)Se7 Cisco IOS 12.2\(53\)Se1 Cisco IOS 15.2\(4\)E Cisco IOS 12.2\(46\)Se1 Cisco IOS 12.2\(55\)Se Cisco IOS 15.1\(2\)Sg6 Cisco IOS 15.2\(2\)E1 Cisco IOS 12.2\(40\)Ex2 Cisco IOS 12.2\(46\)Ey Cisco IOS 12.2\(37\)Se1 Cisco IOS 12.2\(60\)Ez2 Cisco IOS 15.0\(2\)Se3 Cisco IOS 12.2\(60\)Ez6 Cisco IOS 12.2\(58\)Se Cisco IOS 15.0\(2\)Ex Cisco IOS 15.0\(2\)Ex3 Cisco IOS 12.2\(53\)Se Cisco IOS 15.2\(2\)E Cisco IOS 15.0\(2\)Ez Cisco IOS 15.2\(2\)Eb2 Cisco IOS 15.0\(1\)Ex Cisco IOS 15.2\(2\)Eb1 Cisco IOS 15.0\(2\)Se Cisco IOS 15.1\(2\)Sg3 Cisco IOS 15.2\(3\)E Cisco IOS 12.2\(35\)Se2 Cisco IOS 12.2\(58\)Ey Cisco IOS 12.2\(52\)Se1 Cisco IOS 15.2\(4M\)E1 Cisco IOS 12.2\(35\)Ex2 Cisco IOS 15.2\(2\)Eb Cisco IOS 12.2\(55\)Ey Cisco IOS 12.2\(40\)Ex1 Cisco IOS 15.0\(2\)Se9 Cisco IOS 12.2\(60\)Ez Cisco IOS 15.2\(3M\)E2 Cisco IOS 12.2\(44\)Ey Cisco IOS 15.0\(2\)Ex8 Cisco IOS 15.0\(2\)Se2 Cisco IOS 12.2\(40\)Ex Cisco IOS 12.2\(55\)Se4 Cisco IOS 15.2\(2\)E4 Cisco IOS 12.2\(53\)Ex Cisco IOS 12.2\(50\)Se5 Cisco IOS 12.2\(44\)Se Cisco IOS 12.2\(50\)Se1 Cisco IOS 15.0\(2\)Ej Cisco IOS 12.2\(35\)Ex1 Cisco IOS 12.2\(53\)Se2 Cisco IOS 12.2\(55\)Ez Cisco IOS 12.2\(44\)Se4 Cisco IOS 15.1\(2\)Sg5 Cisco IOS 12.2\(55\)Se3 Cisco IOS 15.0\(2\)Ej1 Cisco IOS 15.2\(3A\)E Cisco IOS 15.0\(1\)Se3 Cisco IOS 15.2\(1\)Ey Cisco IOS 12.2\(60\)Ez5 Cisco IOS 15.0\(2A\)Ex5 Cisco IOS 15.0\(1\)Se Cisco IOS 15.2\(4\)E1 Cisco IOS 12.2\(37\)Se Cisco IOS 12.2\(50\)Se2 Cisco IOS 12.2\(40\)Se2 Cisco IOS 12.2\(58\)Ey1 Cisco IOS 15.0\(2\)Se1 Cisco IOS 15.2\(1\)E3 Cisco IOS 12.2\(37\)Ex Cisco IOS 12.2\(55\)Ex3 Cisco IOS 15.0\(2\)Se7 Cisco IOS 15.2\(3\)E1 Cisco IOS 15.1\(2\)Sg7 Cisco IOS 15.0\(2\)Se6 Cisco IOS 12.2\(40\)Se1 Cisco IOS 15.0\(1\)Ey1 Cisco IOS 12.2\(50\)Se Cisco IOS 15.0\(2\)Ek1 Cisco IOS 12.2\(58\)Ez Cisco IOS 12.2\(37\)Ey Cisco IOS 15.1\(2\)Sg Cisco IOS 12.2\(60\)Ez3 Cisco IOS 12.2\(35\)Se3 Cisco IOS 15.0\(1\)Se2 Cisco IOS 12.2\(44\)Se1 Cisco IOS 12.2\(53\)Ey Cisco IOS 15.0\(1\)Ey2 Cisco IOS 12.2\(52\)Se Cisco IOS 12.2\(44\)Se5 Cisco IOS 15.0\(2\)Ex10 Cisco IOS 12.2\(55\)Se6 Cisco IOS 12.2\(52\)Ex1 Cisco IOS 15.2\(1\)E1 Cisco IOS 12.2\(35\)Se1 Cisco IOS 12.2\(35\)Se4 Cisco IOS 12.2\(46\)Ex Cisco IOS 15.0\(2\)Ed Cisco IOS 15.0\(2\)Ex2 Cisco IOS 15.0\(2\)Se5 Cisco IOS 12.2\(44\)Se2 Cisco IOS 12.2\(44\)Ex Cisco IOS 12.2\(58\)Se2 Cisco IOS 15.0\(2\)Ex5 Cisco IOS 15.0\(2\)Ey3 Cisco IOS 12.2\(55\)Se5 Cisco IOS 12.2\(55\)Ex Cisco IOS 12.2\(58\)Se1 Cisco IOS 12.2\(52\)Ex Cisco IOS 15.1\(2\)Sg2 Cisco IOS 12.2\(40\)Ex3 Cisco IOS 12.2\(55\)Ex1 Cisco IOS 12.2\(50\)Se4 Cisco IOS XE 3.7.1E Cisco IOS XE 3.6.4E Cisco IOS XE 3.3.4Se Cisco IOS XE 3.6.0E Cisco IOS XE 3.5.1E Cisco IOS XE 3.3.5Se Cisco IOS XE 3.6.2Ae Cisco IOS XE 3.3.3Se Cisco IOS XE 3.3.2Se Cisco IOS XE 3.2.2Se Cisco IOS XE 3.2.3Se Cisco IOS XE 3.3.1Se Cisco IOS XE 3.3.1Xo Cisco IOS XE 3.6.2E Cisco IOS XE 3.5.2E Cisco IOS XE 3.7.5E Cisco IOS XE 3.3.0Se Cisco IOS XE 3.2.0Ja Cisco IOS XE 3.8.2E Cisco IOS XE 3.7.3E Cisco IOS XE 3.7.2E Cisco IOS XE 3.5.3E Cisco IOS XE 3.6.3E Cisco IOS XE 3.3.2Xo Cisco IOS XE 3.8.1E Cisco IOS XE 3.3.0Xo Cisco IOS XE 3.2.1Se Cisco IOS XE 3.7.0E Cisco IOS XE 3.6.1E Cisco IOS XE 3.5.0E Cisco IOS XE 3.2.0Se Cisco IOS XE 3.8.0E	190

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20160928-SMI-IOS.NASL
description	According to its self-reported version, Cisco IOS is affected by a denial of service (DoS) vulnerability in the Smart Install client feature due to incorrect handling of image list parameters. An unauthenticated, remote attacker can exploit this, by sending crafted Smart Install packets to TCP port 4786, causing the Cisco switch to leak memory and eventually reload, resulting in a DoS condition. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	130766
published	2019-11-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130766
title	Cisco IOS Smart Install Memory Leak (cisco-sa-20160928-smi)

NASL family	CISCO
NASL id	CISCO-SA-20160928-SMI-IOSXE.NASL
description	According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the Smart Install client feature due to incorrect handling of image list parameters. An unauthenticated, remote attacker can exploit this, by sending crafted Smart Install packets to TCP port 4786, causing the Cisco switch to leak memory and eventually reload, resulting in a DoS condition. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	130767
published	2019-11-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130767
title	Cisco IOS XE Software Smart Install Memory Leak (cisco-sa-20160928-smi)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References