CVE-2016-1378: Infoleak
First published: Thu Apr 14 2016(Updated: )
Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =15.1\(1\)sg | |
| Cisco IOS | =15.1\(1\)sg1 | |
| Cisco IOS | =15.1\(1\)sg2 | |
| Cisco IOS | =15.1\(1\)sy | |
| Cisco IOS | =15.1\(1\)sy1 | |
| Cisco IOS | =15.1\(1\)sy2 | |
| Cisco IOS | =15.1\(1\)sy3 | |
| Cisco IOS | =15.1\(1\)sy4 | |
| Cisco IOS | =15.1\(1\)sy5 | |
| Cisco IOS | =15.1\(1\)sy6 | |
| Cisco IOS | =15.1\(2\)sg | |
| Cisco IOS | =15.1\(2\)sg1 | |
| Cisco IOS | =15.1\(2\)sg2 | |
| Cisco IOS | =15.1\(2\)sg3 | |
| Cisco IOS | =15.1\(2\)sg4 | |
| Cisco IOS | =15.1\(2\)sg5 | |
| Cisco IOS | =15.1\(2\)sg6 | |
| Cisco IOS | =15.1\(2\)sg7 | |
| Cisco IOS | =15.1\(2\)sy | |
| Cisco IOS | =15.1\(2\)sy1 | |
| Cisco IOS | =15.1\(2\)sy2 | |
| Cisco IOS | =15.1\(2\)sy3 | |
| Cisco IOS | =15.1\(2\)sy4 | |
| Cisco IOS | =15.1\(2\)sy4a | |
| Cisco IOS | =15.1\(2\)sy5 | |
| Cisco IOS | =15.1\(2\)sy6 | |
| Cisco IOS | =15.1\(2\)sy7 | |
| Cisco IOS | =15.1\(2\)sy8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1378?
CVE-2016-1378 has a severity rating of medium, allowing remote attackers to gather sensitive software-version information.
How do I fix CVE-2016-1378?
To mitigate CVE-2016-1378, upgrade your Cisco IOS to version 15.2(2)E1 or later.
What systems are affected by CVE-2016-1378?
CVE-2016-1378 affects various versions of Cisco IOS prior to 15.2(2)E1 on Catalyst switches.
Can CVE-2016-1378 be exploited remotely?
Yes, CVE-2016-1378 can be exploited by remote attackers via a request to the Network Mobility Services Protocol (NMSP) port.
What information can attackers obtain from CVE-2016-1378?
Attackers can potentially obtain sensitive software-version information due to CVE-2016-1378.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/15.1\(1\)sg
- version/cisco ios/15.1\(1\)sg1
- version/cisco ios/15.1\(1\)sg2
- version/cisco ios/15.1\(1\)sy
- version/cisco ios/15.1\(1\)sy1
- version/cisco ios/15.1\(1\)sy2
- version/cisco ios/15.1\(1\)sy3
- version/cisco ios/15.1\(1\)sy4
- version/cisco ios/15.1\(1\)sy5
- version/cisco ios/15.1\(1\)sy6
- version/cisco ios/15.1\(2\)sg
- version/cisco ios/15.1\(2\)sg1
- version/cisco ios/15.1\(2\)sg2
- version/cisco ios/15.1\(2\)sg3
- version/cisco ios/15.1\(2\)sg4
- version/cisco ios/15.1\(2\)sg5
- version/cisco ios/15.1\(2\)sg6
- version/cisco ios/15.1\(2\)sg7
- version/cisco ios/15.1\(2\)sy
- version/cisco ios/15.1\(2\)sy1
- version/cisco ios/15.1\(2\)sy2
- version/cisco ios/15.1\(2\)sy3
- version/cisco ios/15.1\(2\)sy4
- version/cisco ios/15.1\(2\)sy4a
- version/cisco ios/15.1\(2\)sy5
- version/cisco ios/15.1\(2\)sy6
- version/cisco ios/15.1\(2\)sy7
- version/cisco ios/15.1\(2\)sy8