CVE-2016-6398: Infoleak
First published: Mon Sep 12 2016(Updated: )
The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =15.5\(3\)m |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6398?
CVE-2016-6398 is categorized as a medium severity vulnerability due to its potential to expose sensitive information.
How do I fix CVE-2016-6398?
To fix CVE-2016-6398, upgrade to a patched version of Cisco IOS beyond 15.5(3)M.
What type of information can attackers obtain from CVE-2016-6398?
Attackers can potentially obtain sensitive information from earlier network communications by reading uninitialized packet buffers.
What products are affected by CVE-2016-6398?
CVE-2016-6398 affects Cisco IOS version 15.5(3)M.
Is CVE-2016-6398 exploitable remotely?
Yes, CVE-2016-6398 is exploitable remotely without authentication.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/15.5\(3\)m