CVE-2016-8203 - OpenCVE

A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Brocade	Netiron Os

Configuration 1 [-]

OR	cpe:2.3:o:brocade:netiron_os::::::::
	cpe:2.3:o:brocade:netiron_os::::::::
	cpe:2.3:o:brocade:netiron_os:6.0.00:::::::*
	cpe:2.3:o:brocade:netiron_os:6.0.00a:::::::*

References

Link	Resource
http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf	Vendor Advisory
http://www.securityfocus.com/bid/94232	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037010

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: brocade

Published: 2016-10-31T21:00:00

Updated: 2017-07-28T09:57:01

Reserved: 2016-09-13T00:00:00

Link: CVE-2016-8203

JSON object: View

NVD Information

Status : Modified

Published: 2016-10-31T21:59:00.207

Modified: 2017-07-29T01:34:19.100

Link: CVE-2016-8203

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "Brocade MLX running on NetIron OS All Brocade MLX Line Cards running NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images", "vendor": "n/a", "versions": [{"status": "affected", "version": "Brocade MLX running on NetIron OS All Brocade MLX Line Cards running NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images"}]}], "datePublic": "2016-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets."}], "problemTypes": [{"descriptions": [{"description": "Memory Corruption", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"name": "94232", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94232"}, {"name": "1037010", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037010"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2016-8203", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brocade MLX running on NetIron OS All Brocade MLX Line Cards running NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images", "version": {"version_data": [{"version_value": "Brocade MLX running on NetIron OS All Brocade MLX Line Cards running NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Memory Corruption"}]}]}, "references": {"reference_data": [{"name": "94232", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94232"}, {"name": "1037010", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037010"}, {"name": "http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf", "refsource": "CONFIRM", "url": "http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2016-8203", "datePublished": "2016-10-31T21:00:00", "dateReserved": "2016-09-13T00:00:00", "dateUpdated": "2017-07-28T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:brocade:netiron_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F121CF6-4562-4ED0-9353-71432914FAF4", "versionEndIncluding": "5.8.00e", "vulnerable": true}, {"criteria": "cpe:2.3:o:brocade:netiron_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7ED12F6-D5B4-426A-A7CA-299CA9891FE7", "versionEndIncluding": "5.9.00bd", "vulnerable": true}, {"criteria": "cpe:2.3:o:brocade:netiron_os:6.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "4030CAB0-B1F5-4656-AFBF-36877F64D504", "vulnerable": true}, {"criteria": "cpe:2.3:o:brocade:netiron_os:6.0.00a:*:*:*:*:*:*:*", "matchCriteriaId": "BDE6B33B-C0A4-4499-B37B-5463A3926852", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets."}, {"lang": "es", "value": "Una corrupci\u00f3n de memoria en la ruta de c\u00f3digo IPsec de Brocade NetIron OS en Brocade MLXs 5.8.00 hasta la versi\u00f3n 5.8.00e, 5.9.00 hasta la versi\u00f3n 5.9.00bd, 6.0.00 y 6.0.00a im\u00e1genes podr\u00edan permitir a los atacantes provocar una denegaci\u00f3n de servicio (reinicio de tarjeta en l\u00ednea) a trav\u00e9s de ciertos paquetes de control IPsec construidos."}], "id": "CVE-2016-8203", "lastModified": "2017-07-29T01:34:19.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-31T21:59:00.207", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf"}, {"source": "sirt@brocade.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94232"}, {"source": "sirt@brocade.com", "url": "http://www.securitytracker.com/id/1037010"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}