{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP"}]}], "datePublic": "2016-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1)."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1037003", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037003"}, {"name": "93518", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93518"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6438", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP", "version": {"version_data": [{"version_value": "Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "1037003", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037003"}, {"name": "93518", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93518"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6438", "datePublished": "2016-10-27T21:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2017-07-28T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.0cs:*:*:*:*:*:*:*", "matchCriteriaId": "5568EABF-8F43-4A87-8DE4-A03E9065BE53", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.0s:*:*:*:*:*:*:*", "matchCriteriaId": "A0E5BB91-B5E7-4961-87DC-26596E5EDED7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.1as:*:*:*:*:*:*:*", "matchCriteriaId": "AC72AA6D-9E18-49F7-95CA-A4A5D7A60E4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.1s:*:*:*:*:*:*:*", "matchCriteriaId": "D3822447-EB80-4DF2-B7F2-471F55BA99C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.2as:*:*:*:*:*:*:*", "matchCriteriaId": "BA0B441A-3A09-4A58-8A40-D463003A50BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.2bs:*:*:*:*:*:*:*", "matchCriteriaId": "51E1A64A-204D-4567-A2DC-EFEB2AE62B54", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*", "matchCriteriaId": "970FD986-6D0E-441C-9BF3-C66A25763A7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.3as:*:*:*:*:*:*:*", "matchCriteriaId": "7EEFD3AD-EFA2-4808-801E-B98E4C63AA76", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.3s:*:*:*:*:*:*:*", "matchCriteriaId": "1826C997-6D5D-480E-A12E-3048B6C61216", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.4s:*:*:*:*:*:*:*", "matchCriteriaId": "9FBEF4B2-EA12-445A-823E-E0E5343A405E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.0s:*:*:*:*:*:*:*", "matchCriteriaId": "12793F39-13C4-4DBC-9B78-FE361BDDF89D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.1as:*:*:*:*:*:*:*", "matchCriteriaId": "1AEF94C7-CEE6-4696-9F1D-549639A831C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.1s:*:*:*:*:*:*:*", "matchCriteriaId": "876767C7-0196-4226-92B1-DDE851B53655", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.2s:*:*:*:*:*:*:*", "matchCriteriaId": "0141D67B-632F-48ED-8837-4CC799616C57", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.18.0s:*:*:*:*:*:*:*", "matchCriteriaId": "EE81AA43-88D4-4EFC-B8F6-A41EFF437819", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.18.0sp:*:*:*:*:*:*:*", "matchCriteriaId": "C18E6308-7A34-43E3-9AD8-5FB52B31ACB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.18.1s:*:*:*:*:*:*:*", "matchCriteriaId": "6BEBCBF7-D1CF-488F-BB3E-F864F901A96A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1)."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco IOS XE Software ejecutandose en Cisco cBR-8 Converged Broadband Routers podr\u00eda permitir a un atacante remoto no autenticado provocar un cambio en la configuraci\u00f3n de la integridad a la configuraci\u00f3n de la linea vty en un dispositivo afectado. Esta vulnerabilidad afecta a los siguientes lanzamientos de Cisco IOS XE Software ejecut\u00e1ndose en Cisco cBR-8 Converged Broadband Routers: Todos los lanzamientos 3.16S, todos los lanzamientos 3.17S, lanzamiento 3.18.0S, lanzamiento 3.18.1S, lanzamiento 3.18.0SP. M\u00e1s informaci\u00f3n: CSCuz62815. Lanzamientos conocidos afectados: 15.5(3)S2.9, 15.6(2)SP. Lanzamientos conocidos solucionados: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1)."}], "id": "CVE-2016-6438", "lastModified": "2017-07-29T01:34:18.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-27T21:59:09.810", "references": [{"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/93518"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1037003"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}