CVE-2016-1349
First published: Sat Mar 26 2016(Updated: )
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE | =3.2ja_3.2.0ja | |
| Cisco IOS XE | =3.2se_3.2.0se | |
| Cisco IOS XE | =3.2se_3.2.1se | |
| Cisco IOS XE | =3.2se_3.2.2se | |
| Cisco IOS XE | =3.2se_3.2.3se | |
| Cisco IOS XE | =3.3se_3.3.0se | |
| Cisco IOS XE | =3.3se_3.3.1se | |
| Cisco IOS XE | =3.3se_3.3.2se | |
| Cisco IOS XE | =3.3se_3.3.3se | |
| Cisco IOS XE | =3.3se_3.3.4se | |
| Cisco IOS XE | =3.3se_3.3.5se | |
| Cisco IOS XE | =3.3xo_3.3.0xo | |
| Cisco IOS XE | =3.3xo_3.3.1xo | |
| Cisco IOS XE | =3.3xo_3.3.2xo | |
| Cisco IOS XE | =3.4sg_3.4.0sg | |
| Cisco IOS XE | =3.4sg_3.4.1sg | |
| Cisco IOS XE | =3.4sg_3.4.2sg | |
| Cisco IOS XE | =3.4sg_3.4.3sg | |
| Cisco IOS XE | =3.4sg_3.4.4sg | |
| Cisco IOS XE | =3.4sg_3.4.5sg | |
| Cisco IOS XE | =3.4sg_3.4.6sg | |
| Cisco IOS XE | =3.5e_3.5.0e | |
| Cisco IOS XE | =3.5e_3.5.1e | |
| Cisco IOS XE | =3.5e_3.5.2e | |
| Cisco IOS XE | =3.5e_3.5.3e | |
| Cisco IOS XE | =3.6e_3.6.0e | |
| Cisco IOS XE | =3.6e_3.6.1e | |
| Cisco IOS XE | =3.6e_3.6.2ae | |
| Cisco IOS XE | =3.6e_3.6.2e | |
| Cisco IOS XE | =3.7e_3.7.0e | |
| Cisco IOS XE | =3.7e_3.7.1e | |
| Cisco IOS XE | =3.7e_3.7.2e | |
| Intel Core i5-9400 Firmware | ||
| NETGEAR JR6150 | <2017-01-06 | |
| Samsung X14J eu | =t-ms14jakucb-1102.5 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =snv_124 | |
| Zyxel GS1900-10HP firmware | <2.50\(aazi.0\)c0 | |
| zzinc KeyMouse | =3.08 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1349?
CVE-2016-1349 is classified as a high severity vulnerability due to its ability to cause a denial of service by reloading affected devices.
How do I fix CVE-2016-1349?
To mitigate CVE-2016-1349, it is recommended to upgrade to a Cisco IOS or IOS XE version that addresses this vulnerability as detailed in Cisco's security advisory.
Which devices are affected by CVE-2016-1349?
CVE-2016-1349 affects various Cisco IOS and IOS XE versions, specifically 12.2, 15.0, and 15.2, and certain versions of IOS XE 3.2 through 3.7.
What is the impact of exploiting CVE-2016-1349?
Exploitation of CVE-2016-1349 allows remote attackers to send crafted packets that could lead to device reloads, effectively causing a denial of service.
Is there a workaround for CVE-2016-1349?
A temporary workaround for CVE-2016-1349 includes disabling the Smart Install feature on affected devices until the software is updated.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/3.2ja_3.2.0ja
- version/cisco ios xe/3.2se_3.2.0se
- version/cisco ios xe/3.2se_3.2.1se
- version/cisco ios xe/3.2se_3.2.2se
- version/cisco ios xe/3.2se_3.2.3se
- version/cisco ios xe/3.3se_3.3.0se
- version/cisco ios xe/3.3se_3.3.1se
- version/cisco ios xe/3.3se_3.3.2se
- version/cisco ios xe/3.3se_3.3.3se
- version/cisco ios xe/3.3se_3.3.4se
- version/cisco ios xe/3.3se_3.3.5se
- version/cisco ios xe/3.3xo_3.3.0xo
- version/cisco ios xe/3.3xo_3.3.1xo
- version/cisco ios xe/3.3xo_3.3.2xo
- version/cisco ios xe/3.4sg_3.4.0sg
- version/cisco ios xe/3.4sg_3.4.1sg
- version/cisco ios xe/3.4sg_3.4.2sg
- version/cisco ios xe/3.4sg_3.4.3sg
- version/cisco ios xe/3.4sg_3.4.4sg
- version/cisco ios xe/3.4sg_3.4.5sg
- version/cisco ios xe/3.4sg_3.4.6sg
- version/cisco ios xe/3.5e_3.5.0e
- version/cisco ios xe/3.5e_3.5.1e
- version/cisco ios xe/3.5e_3.5.2e
- version/cisco ios xe/3.5e_3.5.3e
- version/cisco ios xe/3.6e_3.6.0e
- version/cisco ios xe/3.6e_3.6.1e
- version/cisco ios xe/3.6e_3.6.2ae
- version/cisco ios xe/3.6e_3.6.2e
- version/cisco ios xe/3.7e_3.7.0e
- version/cisco ios xe/3.7e_3.7.1e
- version/cisco ios xe/3.7e_3.7.2e
- vendor/intel
- canonical/intel core i5-9400 firmware
- vendor/netgear
- canonical/netgear jr6150
- vendor/samsung
- canonical/samsung x14j eu
- version/samsung x14j eu/t-ms14jakucb-1102.5
- vendor/sun
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/snv_124
- vendor/zyxel
- canonical/zyxel gs1900-10hp firmware
- vendor/zzinc
- canonical/zzinc keymouse
- version/zzinc keymouse/3.08