CVE-2016-6415

7.5 HIGH CISA KEV - Actively Exploited

Published: September 19, 2016 Modified: October 22, 2025

Description

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/93003

Source: psirt@cisco.com

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1036841

Source: psirt@cisco.com

Third Party Advisory VDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/93003

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1036841

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6415

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

7 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.5 / 10.0

EPSS (Exploit Probability)

93.0%

100th percentile

Exploitation Status

Actively Exploited

Remediation due: 2023-06-09

Weaknesses (CWE)

CWE-200

Affected Vendors

cisco

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3