CVE-2016-1399
First published: Sat May 14 2016(Updated: )
The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Puppet Cisco IOS | =15.2\(2\)eb | |
| Puppet Cisco IOS | =15.2\(2\)eb1 | |
| Cisco IE 5000-12S12P-10G Industrial Ethernet Switch | ||
| Cisco IE 5000-16S12P | ||
| Puppet Cisco IOS | =15.2\(2\)ea2 | |
| Puppet Cisco IOS | =15.2\(4\)ea | |
| Puppet Cisco IOS | =15.2\(2\)ea | |
| Puppet Cisco IOS | =15.2\(2\)ea1 | |
| Cisco IE 4000 Series | ||
| Cisco IE 4000 Series Switch | ||
| Cisco IE 4000 Series Switches | ||
| Cisco IE 4000 Series Switches | ||
| Cisco IE 4000 Series Industrial Ethernet Switches | ||
| Cisco IE 4000 Series Switches | ||
| Cisco IE 4000 Series Switches | ||
| Cisco IE-4000 Series Switches | ||
| Cisco IE-4000 Series | ||
| Cisco IE 4000 Series Switch | ||
| Cisco IE-4000 Series Switch | ||
| Cisco IE 4000 Series Switch |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1399?
CVE-2016-1399 has a Medium severity level, indicating potential impact on network availability.
How do I fix CVE-2016-1399?
To fix CVE-2016-1399, upgrade to a non-vulnerable version of Cisco IOS.
What type of devices are affected by CVE-2016-1399?
CVE-2016-1399 affects Cisco Industrial Ethernet 4000 and 5000 devices running specific versions of Cisco IOS.
What vulnerability does CVE-2016-1399 exploit?
CVE-2016-1399 exploits a flaw in the packet-processing microcode which can lead to denial of service due to packet data corruption.
Can CVE-2016-1399 be exploited remotely?
Yes, CVE-2016-1399 can be exploited remotely by sending crafted IPv4 ICMP packets.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/puppet cisco ios
- version/puppet cisco ios/15.2\(2\)eb
- version/puppet cisco ios/15.2\(2\)eb1
- canonical/cisco ie 5000-12s12p-10g industrial ethernet switch
- canonical/cisco ie 5000-16s12p
- version/puppet cisco ios/15.2\(2\)ea2
- version/puppet cisco ios/15.2\(4\)ea
- version/puppet cisco ios/15.2\(2\)ea
- version/puppet cisco ios/15.2\(2\)ea1
- canonical/cisco ie 4000 series
- canonical/cisco ie 4000 series switch
- canonical/cisco ie 4000 series switches
- canonical/cisco ie 4000 series industrial ethernet switches
- canonical/cisco ie-4000 series switches
- canonical/cisco ie-4000 series
- canonical/cisco ie-4000 series switch