CVE-2016-6415 — Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
2023-05-19 • CISA Known Exploited Vulnerability
[event] Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Cisco |
| Product | IOS, IOS XR, and IOS XE |
| CWE | CWE-200 |
| CVE ID | CVE-2016-6415 |
| Date Added | 2023-05-19 |
| Due Date | 2023-06-09 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2023-06-09