Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gsqh-jcac-dfb8
Summary The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
Aliases
0
alias CVE-2016-6415
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6415
reference_id
reference_type
scores
0
value 0.92676
scoring_system epss
scoring_elements 0.99762
published_at 2026-06-11T12:55:00Z
1
value 0.92676
scoring_system epss
scoring_elements 0.99763
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6415
1
reference_url http://www.securitytracker.com/id/1036841
reference_id 1036841
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2024-11-08T17:38:29Z/
url http://www.securitytracker.com/id/1036841
2
reference_url http://www.securityfocus.com/bid/93003
reference_id 93003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2024-11-08T17:38:29Z/
url http://www.securityfocus.com/bid/93003
3
reference_url http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
reference_id cisco-sa-20160916-ikev1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2024-11-08T17:38:29Z/
url http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
4
reference_url https://github.com/nixawk/labs/tree/5fde02dfdf148580b4c580ac47daeef485b3c600/CVE-2016-6415
reference_id CVE-2016-6415
reference_type exploit
scores
url https://github.com/nixawk/labs/tree/5fde02dfdf148580b4c580ac47daeef485b3c600/CVE-2016-6415
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/remote/43383.py
reference_id CVE-2016-6415
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/remote/43383.py
Weaknesses
Exploits
0
date_added null
description
A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.

The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
required_action null
due_date null
notes
AKA:
  - BENIGNCERTAIN
Stability:
  - unknown-stability
Reliability:
  - unknown-reliability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2016-09-29
exploit_type null
platform
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ike/cisco_ike_benigncertain.rb
1
date_added 2023-05-19
description Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. The software contains an information disclosure vulnerability in Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.
required_action Apply updates per vendor instructions.
due_date 2023-06-09
notes https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1; https://nvd.nist.gov/vuln/detail/CVE-2016-6415
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
2
date_added 2017-12-21
description Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2017-03-17
exploit_type remote
platform hardware
source_date_updated 2017-12-21
data_source Exploit-DB
source_url https://github.com/nixawk/labs/tree/5fde02dfdf148580b4c580ac47daeef485b3c600/CVE-2016-6415
Severity_range_score 7.5 - 7.5
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqh-jcac-dfb8