high
7.1
CWE
399
Advisory Published
Updated

CVE-2016-1344

First published: Sat Mar 26 2016(Updated: )

The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco IOS XE Web UI=3.3s_3.3.0s
Cisco IOS XE Web UI=3.3s_3.3.1s
Cisco IOS XE Web UI=3.3s_3.3.2s
Cisco IOS XE Web UI=3.3sg_3.3.0sg
Cisco IOS XE Web UI=3.3sg_3.3.1sg
Cisco IOS XE Web UI=3.3sg_3.3.2sg
Cisco IOS XE Web UI=3.3xo_3.3.0xo
Cisco IOS XE Web UI=3.3xo_3.3.1xo
Cisco IOS XE Web UI=3.3xo_3.3.2xo
Cisco IOS XE Web UI=3.4s_3.4.0as
Cisco IOS XE Web UI=3.4s_3.4.0s
Cisco IOS XE Web UI=3.4s_3.4.1s
Cisco IOS XE Web UI=3.4s_3.4.2s
Cisco IOS XE Web UI=3.4s_3.4.3s
Cisco IOS XE Web UI=3.4s_3.4.4s
Cisco IOS XE Web UI=3.4s_3.4.5s
Cisco IOS XE Web UI=3.4s_3.4.6s
Cisco IOS XE Web UI=3.4sg_3.4.0sg
Cisco IOS XE Web UI=3.4sg_3.4.1sg
Cisco IOS XE Web UI=3.4sg_3.4.2sg
Cisco IOS XE Web UI=3.4sg_3.4.3sg
Cisco IOS XE Web UI=3.4sg_3.4.4sg
Cisco IOS XE Web UI=3.4sg_3.4.5sg
Cisco IOS XE Web UI=3.4sg_3.4.6sg
Cisco IOS XE Web UI=3.4sg_3.4.7sg
Cisco IOS XE Web UI=3.5e_3.5.0e
Cisco IOS XE Web UI=3.5e_3.5.1e
Cisco IOS XE Web UI=3.5e_3.5.2e
Cisco IOS XE Web UI=3.5e_3.5.3e
Cisco IOS XE Web UI=3.5s_3.5.0s
Cisco IOS XE Web UI=3.5s_3.5.1s
Cisco IOS XE Web UI=3.5s_3.5.2s
Cisco IOS XE Web UI=3.6e_3.6.0e
Cisco IOS XE Web UI=3.6e_3.6.1e
Cisco IOS XE Web UI=3.6e_3.6.2ae
Cisco IOS XE Web UI=3.6e_3.6.2e
Cisco IOS XE Web UI=3.6e_3.6.3e
Cisco IOS XE Web UI=3.6s_3.6.0s
Cisco IOS XE Web UI=3.6s_3.6.1s
Cisco IOS XE Web UI=3.6s_3.6.2s
Cisco IOS XE Web UI=3.7e_3.7.0e
Cisco IOS XE Web UI=3.7e_3.7.1e
Cisco IOS XE Web UI=3.7e_3.7.2e
Cisco IOS XE Web UI=3.7e_3.7.3e
Cisco IOS XE Web UI=3.7s_3.7.0s
Cisco IOS XE Web UI=3.7s_3.7.1s
Cisco IOS XE Web UI=3.7s_3.7.2s
Cisco IOS XE Web UI=3.7s_3.7.2ts
Cisco IOS XE Web UI=3.7s_3.7.3s
Cisco IOS XE Web UI=3.7s_3.7.4as
Cisco IOS XE Web UI=3.7s_3.7.4s
Cisco IOS XE Web UI=3.7s_3.7.5s
Cisco IOS XE Web UI=3.7s_3.7.6s
Cisco IOS XE Web UI=3.7s_3.7.7s
Cisco IOS XE Web UI=3.8e_3.8.0e
Cisco IOS XE Web UI=3.8e_3.8.1e
Cisco IOS XE Web UI=3.8s_3.8.0s
Cisco IOS XE Web UI=3.8s_3.8.1s
Cisco IOS XE Web UI=3.8s_3.8.2s
Cisco IOS XE Web UI=3.9s_3.9.0as
Cisco IOS XE Web UI=3.9s_3.9.0s
Cisco IOS XE Web UI=3.9s_3.9.1as
Cisco IOS XE Web UI=3.9s_3.9.1s
Cisco IOS XE Web UI=3.9s_3.9.2s
Cisco IOS XE Web UI=3.10s_3.10.0s
Cisco IOS XE Web UI=3.10s_3.10.1s
Cisco IOS XE Web UI=3.10s_3.10.1xbs
Cisco IOS XE Web UI=3.10s_3.10.2s
Cisco IOS XE Web UI=3.10s_3.10.3s
Cisco IOS XE Web UI=3.10s_3.10.4s
Cisco IOS XE Web UI=3.10s_3.10.5s
Cisco IOS XE Web UI=3.10s_3.10.6s
Cisco IOS XE Web UI=3.11s_3.11.0s
Cisco IOS XE Web UI=3.11s_3.11.1s
Cisco IOS XE Web UI=3.11s_3.11.2s
Cisco IOS XE Web UI=3.11s_3.11.3s
Cisco IOS XE Web UI=3.11s_3.11.4s
Cisco IOS XE Web UI=3.12s_3.12.0s
Cisco IOS XE Web UI=3.12s_3.12.1s
Cisco IOS XE Web UI=3.12s_3.12.2s
Cisco IOS XE Web UI=3.12s_3.12.3s
Cisco IOS XE Web UI=3.12s_3.12.4s
Cisco IOS XE Web UI=3.13s_3.13.0as
Cisco IOS XE Web UI=3.13s_3.13.0s
Cisco IOS XE Web UI=3.13s_3.13.1s
Cisco IOS XE Web UI=3.13s_3.13.2as
Cisco IOS XE Web UI=3.13s_3.13.2s
Cisco IOS XE Web UI=3.13s_3.13.3s
Cisco IOS XE Web UI=3.13s_3.13.4s
Cisco IOS XE Web UI=3.14s_3.14.0s
Cisco IOS XE Web UI=3.14s_3.14.1s
Cisco IOS XE Web UI=3.14s_3.14.2s
Cisco IOS XE Web UI=3.14s_3.14.3s
Cisco IOS XE Web UI=3.15s_3.15.0s
Cisco IOS XE Web UI=3.15s_3.15.1cs
Cisco IOS XE Web UI=3.15s_3.15.1s
Cisco IOS XE Web UI=3.15s_3.15.2s
Cisco IOS XE Web UI=3.16s_3.16.0cs
Cisco IOS XE Web UI=3.16s_3.16.0s
Cisco IOS XE Web UI=3.16s_3.16.1as
Cisco IOS XE Web UI=3.16s_3.16.1s
Cisco IOS XE Web UI=3.17s_3.17.0s
Lenovo ThinkCentre E75s Firmware<m16kt61a
NETGEAR JR6150<2017-01-06
Samsung X14J eu=t-ms14jakucb-1102.5
Oracle Solaris and Zettabyte File System (ZFS)=snv_124
Zyxel GS1900-10HP firmware<2.50\(aazi.0\)c0
zzinc KeyMouse=3.08

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2016-1344?

    CVE-2016-1344 has been classified as a high severity vulnerability due to its potential to cause a denial of service by triggering device reloads.

  • How do I fix CVE-2016-1344?

    To address CVE-2016-1344, you should upgrade your Cisco IOS or IOS XE software to a version that includes the relevant security patches.

  • What systems are affected by CVE-2016-1344?

    CVE-2016-1344 affects Cisco IOS versions 15.0 through 15.6 and Cisco IOS XE versions 3.3 through 3.17.

  • What type of attack does CVE-2016-1344 enable?

    CVE-2016-1344 allows remote attackers to exploit fragmented packets to cause a denial of service.

  • Is there a workaround for CVE-2016-1344?

    There are no specific workarounds for CVE-2016-1344; upgrading to a fixed version is the recommended approach.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203