CISA Known Exploited Vulnerability

CVE-2016-6415

Cisco · IOS, IOS XR, and IOS XE

Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability

Date added 2023-05-19

BOD 22-01 due date 2023-06-09

CWE CWE-200

Ransomware Unknown

CISA description

Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.

Required action

Apply updates per vendor instructions.

Notes & references

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
https://nvd.nist.gov/vuln/detail/CVE-2016-6415

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2016-6415
CVE.org · CVE-2016-6415
CISA KEV catalog (canonical)