HomePentest-Tools.com Logo

Cisco IOS XE Software H.323 Message Validation Denial of Service Vulnerability CVE-2016-6384

Severity
CVSSv3 Score
7.5
Vulnerability description

A vulnerability in the H.323 subsystem of Cisco IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device.

Risk description

The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message. When processing the malicious message, the affected device may attempt to access an invalid memory region, resulting in a crash. An attacker who can submit an H.323 packet designed to trigger the vulnerability could cause the affected device to crash and restart.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 5, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available