CVE - CVE-2016-1344

<?xml version="1.0"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="keywords" content="CVE, CVE List, CVE Records, CVE ID, CVE IDs, CVE Identifier, CVE Identifiers, CVE ID number, CVE ID numbers, CVE number, CVE numbers, CVE Record, CVE Records, CVE Entry, CVE Entries, CVE name, CVEs, CVE-, Reserved but Public, RBP, CVE Numbering Authority, CVE Naming Authority, CNA, CNAs, Root, Top-Level Root, TL-Root, CNA of Last Resort, CNA-LR, Secretariat, Authorized Data Publisher, ADP, CVE Adoption, CVE Automation, CVE Services, CVE JSON, National Vulnerability Database, NVD, Common Vulnerability Scoring System, CVSS, scoring, severity secoring, standard, standards, vulnerability, vulnerabilities, vulnerability management, vulnerability id, vulnerability name, vulnerability naming, vulnerability naming scheme, software flaw, software coding error, software bug, software bugs, firmware, network security, cybersecurity, cyber security, cyber security standards, cybersecurity standards, infosec, information security, information security standards, network security standards, community standards, vulnerability database, security advisory, security advisories, security alerts, vulnerability alerts, zero-day, 0-day, vulnerability assessment and remediation, vulnerability assessment service, vulnerability notification service, intrusion detection service, IDS, intrusion detection and management, intrusion monitoring and response service, intrusion prevention service, IPS, incident management, data/event correlation, firewall, patch management, patches, patching, enterprise information security architecture, SIM, security information management, cloud, cloud security, policy compliance, information security automation, cybersecurity automation, CVE Working Groups, CVE Board, DHS, Cybersecurity and Infrastructure Security Agency, CISA" /> <meta name="description" content="The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities." /> <meta name="google-site-verification" content="Dk82cCXTLpuQQok4nbpDBxZDpA3ltnSAnnhMqY1XBxI" />  <script async src="https://www.googletagmanager.com/gtag/js?id=UA-37948909-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-37948909-1'); </script> <link href="/css/main.css" rel="stylesheet" type="text/css" /> <script src="/includes/jquery-3.2.1.min.js"></script> <script src="/includes/jquery-migrate-3.0.0.min.js"></script> <script src="/includes/browserheight.js" language="JavaScript" type="text/javascript"></script> <script src="https://cmp.osano.com/AzyhULTdPkqmy4aDN/fab1add1-e069-4b98-8ba9-cbdc6401a635/osano.js"></script> <link href="/css/print.css" rel="stylesheet" media="print" type="text/css" /> <title>CVE - CVE-2016-1344 </title> </head> <body> <div id="Page">  <div id="Header"> <table style="width:100%;border-collapse:collapse" summary="Header Layout Table"> <tr> <td style="vertical-align:middle; text-align:left; white-space:nowrap; padding-top:5px; padding-bottom:5px"> <div style="width:170px;"> <a class="none" href="/index.html"> <img src="/images/cvelogobanner.png" width="206" height="55" alt="CVE" style="border:0" /> </a> </div> </td> <td style="vertical-align:top;text-align:center;width:100%"> <div class="alignright" style="float:right;vertical-align:top;"> <table style="text-align:right"></table> </div>  <head> <style> .dropbtn { background-color: #ffffff; color: #C8C8C8; padding: 0px 18px; font-size: 15px; font-weight: bold; border: none; cursor: pointer; } .dropdown { position: relative; display: inline-block; } .dropdown-content { display: none; position: absolute; text-align: left; background-color: #ffffff; min-width: 250px; box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2); z-index: 1; } .dropdown-content a { color: black; padding: 12px 16px; font-size: 11px; text-align: left; text-decoration: none; display: block; } .dropdown-content a:hover {background-color: #cccccc;} .dropdown:hover .dropdown-content { display: block; } .dropdown:hover .dropbtn { background-color: #ffffff; } </style> </head> <body>      <div class="dropdown"> <a target="_blank" href="https://www.cve.org/"><button class="dropbtn">CVE List▾</button></a> <div class="dropdown-content"> <strong><a href="/cve/search_cve_list.html">CVE List Search</a></strong> <a href="https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve">Search Tips</a> <strong><a href="https://cveform.mitre.org/">CVE Request Web Form</a></strong> <a href="https://www.cve.org/ResourcesSupport/FAQs#pc_cve_request_web_form">Web Form Help</a> <a href="https://www.cve.org/ResourcesSupport/FAQs#pc_cve_request_web_formweb_form_encrypt_requests">PGP Key</a> <strong><a href="https://www.cve.org/Legal/TermsOfUse">Terms of Use</a></strong> </div> </div>        <div class="dropdown"> <a href="https://www.cve.org/ProgramOrganization/CNAs"><button class="dropbtn">CNAs▾</button></a> <div class="dropdown-content"> <strong><a href="https://www.cve.org/ProgramOrganization/CNAs">CVE Numbering Authorities (CNAs)</a></strong> <strong><a href="https://www.cve.org/PartnerInformation/Partner#HowToBecomeAPartner">How to Become a CNA</a></strong> </div> </div>         <div class="dropdown"> <a href="https://www.cve.org/ProgramOrganization/WorkingGroups"><button class="dropbtn">WGs▾</button></a> <div class="dropdown-content"> <strong><a href="https://www.cve.org/ProgramOrganization/WorkingGroups">CVE Working Groups</a></strong> </div> </div>         <div class="dropdown"> <a href="https://www.cve.org/ProgramOrganization/Board"><button class="dropbtn">Board▾</button></a> <div class="dropdown-content"> <strong><a href="https://www.cve.org/ProgramOrganization/Board">CVE Board</a></strong> <a href="/community/board/archive.html#meeting_summaries">Meeting Archives</a> <a href="https://www.cve.org/ProgramOrganization/Board#Resources">Email Archives</a> </div> </div>        <div class="dropdown"> <a href="https://www.cve.org/About/Overview"><button class="dropbtn">About▾</button></a> <div class="dropdown-content"> <strong><a href="https://www.cve.org/About/Overview">About CVE</a></strong> </div> </div>       <div class="dropdown"> <a href="https://www.cve.org/Media/News/AllNews"><button class="dropbtn">News▾</button></a> <div class="dropdown-content"> <strong><a href="https://www.cve.org/Media/News/AllNews">News, Blogs & Podcasts</a></strong> </div> </div> </div> </body>  </div> <div style="width:50%;"><p><a href="/index.html"></a></div> </div> </td> </tr> <tr> <td colspan="2" style="vertical-align:top">  <div id="NavBar" class="noprint">         <div class="NavSection"><a href="/cve/search_cve_list.html">Search CVE List</a></div>         <div class="NavSection"><a href="https://www.cve.org/Downloads">Downloads</a></div>         <div class="NavSection"><a href="https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicscve_list_data_feeds">Data Feeds</a></div>         <div class="NavSection"><a href="https://www.cve.org/ReportRequest/ReportRequestForNonCNAs#UpdateCVERecord">Update a CVE Record</a> </div>         <div class="NavSection"><a href="https://www.cve.org/ReportRequest/ReportRequestForNonCNAs#RequestCVEID">Request CVE IDs</a></div>         </div>  </td> </tr> <tr> <td colspan="2" style="vertical-align:top">  <div id="HeaderBar" class="noprint"> TOTAL CVE Records: <a target="_blank" href="https://www.cve.org/"> 240830</a> <br><br> NOTICE: <span class="ltredbold">Transition to the all-new CVE website at <a href="https://www.cve.org/">WWW.CVE.ORG</a> and <a href="https://www.cve.org/Media/News/item/blog/2022/10/06/CVE-Records-Are-Now-Displayed">CVE Record Format JSON</a> are underway.</span> <br><br> NOTICE: <span class="ltredbold">Support for the legacy CVE download formats <a href="https://www.cve.org/Media/News/item/blog/2024/07/02/Legacy-CVE-Download-Formats-No-Longer-Supported">ended on June 30, 2024</a>.<br/>New CVE List download format is <a href="https://www.cve.org/Media/News/item/blog/2023/03/29/CVE-Downloads-in-JSON-5-Format">available now</a> on CVE.ORG.</span> <br><br> </div></div>  </td> </tr> </table> <style type="text/css"> .alignright { text-align: right; font-size: x-small; } </style> <div id="BreadCrumbs" class="noprint"> <a href="/">Home</a> > <a href="/cve/">CVE</a> > CVE-2016-1344  </div> </div>   <div id="LeftPane"> </div>   <div id="CenterPane"> <script src="/includes/printerfriendly.js" language="JavaScript" type="text/javascript">printview();</script> <div id="GeneratedTable"> <table cellpadding="0" cellspacing="0" border="0" width="100%"> <tr> <th colspan="2">CVE-ID</th> </tr> <tr> <td nowrap="nowrap" align="center" valign="top"> <h2>CVE-2016-1344</h2> </td> <td valign="top" class="ltgreybackground"> <div class="larger"><a href="https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1344" target="_blank">Learn more at National Vulnerability Database (NVD)</a></div> <div class="smaller">• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information</div> </td> </tr> <tr> <th colspan="2">Description</th> </tr> <tr> <td colspan="2">The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. </td> </tr> <tr> <th colspan="2">References</th> </tr> <tr> <td colspan="2" class="note"> <b>Note:</b> <a href="/data/refs/index.html">References</a> are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. </td> </tr> <tr> <td colspan="2"> <ul> <li>BID:85311 <li><a target="_blank" href="http://www.securityfocus.com/bid/85311">URL:http://www.securityfocus.com/bid/85311</a> <li>CISCO:20160323 Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability <li><a target="_blank" href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2">URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2</a> <li>SECTRACK:1035382 <li><a target="_blank" href="http://www.securitytracker.com/id/1035382">URL:http://www.securitytracker.com/id/1035382</a> </ul> </td> </tr> <tr> <th colspan="2">Assigning CNA</th> </tr> <tr> <td colspan="2">Cisco Systems, Inc.</td> </tr> <tr> <th colspan="2">Date Record Created</th> </tr> <tr> <td><b>20160104</b></td> <td class="ltgreybackground"> Disclaimer: The <a href="/about/faqs.html#date_record_created_in_cve_record">record creation date</a> may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. </td> </tr> <tr> <th colspan="2">Phase (Legacy)</th> </tr> <tr> <td colspan="2">Assigned (20160104)</td> </tr> <tr> <th colspan="2">Votes (Legacy)</th> </tr> <tr> <td colspan="2"></td> </tr> <tr> <th colspan="2">Comments (Legacy)</th> </tr> <tr> <td colspan="2"><pre> </pre></td> </tr> <tr> <th colspan="2">Proposed (Legacy)</th> </tr> <tr> <td colspan="2">N/A</td> </tr> <tr> <td colspan="3" class="note"> This is an record on the <a href="/cve/">CVE List</a>, which provides common identifiers for publicly known cybersecurity vulnerabilities.</td> </tr> <tr> <td colspan="2" class="search"> <form style="padding:0px; margin:0px;" method="get" action="/cgi-bin/cvekey.cgi"> <label for="keyword"><span class="redbold" style="text-transform:uppercase">Search CVE Using Keywords:</span></label>  <input name="keyword" id="keyword" maxlength="100" tabindex="0" type="textarea"></input> <input type="submit" value="Submit"/> </form> <div class="smaller">You can also search by reference using the <a href="/data/refs/index.html">CVE Reference Maps</a>.</div> </td> </tr> <tr> <td colspan="2" class="search"> <span style="font-weight:bold">For More Information:</span>  <a target="_blank" href="https://cveform.mitre.org/">CVE Request Web Form</a> (select "Other" from dropdown) </td> </tr> </table> </div> <div class="backtop noprint"><a href="#top">Back to top</a></div>   </div> </div>   <div id="FootPane" class="noprint"> <div id="Footer"> <table> <tr> <td> <div class="noprint" style="font-size:70%; text-align:center; padding-top:0px; padding-bottom:3px;"> <b> <a href="https://www.cve.org/">Go to CVE.ORG website</a> | <a target="_blank" href="https://www.cve.org/Legal/TermsOfUse">Terms of Use</a> | <a href="#" onclick="Osano.cm.showDrawer('osano-cm-dom-info-dialog-open')">Manage Cookies</a> | <a href="/cookie_notice.html">Cookie Notice</a> | <a target="_blank" href="https://www.cve.org/Legal/PrivacyPolicy">Privacy Policy</a> | <a target="_blank" href="https://cveform.mitre.org/">Contact</a> </td> </tr> </div> <tr> <td> <p>Use of the CVE® List and the associated references from this website are subject to the <a target="_blank" href="https://www.cve.org/Legal/TermsOfUse">terms of use</a>. CVE is sponsored by the <a href="https://www.dhs.gov/" target="_blank">U.S. Department of Homeland Security</a> (DHS) <a href="https://www.dhs.gov/cisa/cybersecurity-division/" target="_blank">Cybersecurity and Infrastructure Security Agency</a> (CISA). Copyright © 1999–2024, <a href="https://www.mitre.org/" target="_blank">The MITRE Corporation</a>. CVE and the CVE logo are registered trademarks of The MITRE Corporation.</p> </td> </tr> </table>  </div> </div>  <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-37948909-1', 'auto'); ga('send', 'pageview'); </script>  </body> </html>

CINXE.COM

CVE - CVE-2016-1344