VAR-201612-0160
Vulnerability from variot - Updated: 2025-04-13 23:37A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. The Cisco ASR5000 Series Aggregation Services Routers is a set of 9000 Series router devices from Cisco. A remote denial of service vulnerability exists in Cisco ASR5000 Series AggregationServicesRouters. An attacker could exploit this vulnerability to overload an affected device and refuse to provide services to legitimate users. This issue is being tracked by Cisco Bug ID CSCva84552
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "asr 5000 series software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "20.0.0"
},
{
"_id": null,
"model": "asr 5000 series software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "21.0.0"
},
{
"_id": null,
"model": "asr 5000 series software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "21.0.m0.64702"
},
{
"_id": null,
"model": "asr series",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "50000"
},
{
"_id": null,
"model": "asr 5000 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "BID",
"id": "94772"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:asr_5000_series_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_5000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
}
]
},
"credits": {
"_id": null,
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94772"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6467",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6467",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12275",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-95287",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6467",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6467",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6467",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-12275",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-204",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95287",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-6467",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "VULMON",
"id": "CVE-2016-6467"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"description": {
"_id": null,
"data": "A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. The Cisco ASR5000 Series Aggregation Services Routers is a set of 9000 Series router devices from Cisco. A remote denial of service vulnerability exists in Cisco ASR5000 Series AggregationServicesRouters. An attacker could exploit this vulnerability to overload an affected device and refuse to provide services to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCva84552",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6467"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "BID",
"id": "94772"
},
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "VULMON",
"id": "CVE-2016-6467"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-6467",
"trust": 3.5
},
{
"db": "BID",
"id": "94772",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1037416",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12275",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95287",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6467",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "VULMON",
"id": "CVE-2016-6467"
},
{
"db": "BID",
"id": "94772"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"id": "VAR-201612-0160",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "VULHUB",
"id": "VHN-95287"
}
],
"trust": 1.1269730199999999
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
}
]
},
"last_update_date": "2025-04-13T23:37:27.620000Z",
"patch": {
"_id": null,
"data": [
{
"title": "cisco-sa-20161207-asr",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr"
},
{
"title": "CiscoASR5000SeriesAggregationServicesRouters Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/85835"
},
{
"title": "Cisco ASR 5000 Series Aggregation Services Routers Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66245"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/94772"
},
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-asr"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037416"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6467"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6467"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "VULHUB",
"id": "VHN-95287"
},
{
"db": "VULMON",
"id": "CVE-2016-6467"
},
{
"db": "BID",
"id": "94772"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
},
{
"db": "NVD",
"id": "CVE-2016-6467"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12275",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-95287",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2016-6467",
"ident": null
},
{
"db": "BID",
"id": "94772",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006306",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-6467",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12275",
"ident": null
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-95287",
"ident": null
},
{
"date": "2016-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6467",
"ident": null
},
{
"date": "2016-12-07T00:00:00",
"db": "BID",
"id": "94772",
"ident": null
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006306",
"ident": null
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-204",
"ident": null
},
{
"date": "2016-12-14T00:59:06.203000",
"db": "NVD",
"id": "CVE-2016-6467",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12275",
"ident": null
},
{
"date": "2017-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-95287",
"ident": null
},
{
"date": "2017-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6467",
"ident": null
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94772",
"ident": null
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006306",
"ident": null
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-204",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6467",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Cisco ASR 5000 Series Aggregation Services Routers Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12275"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
],
"trust": 1.2
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-204"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…