CVE-2016-1378

Published: Apr 14, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.

Affected (28)

Products: Cisco: Ios

Cisco

1 product

Ios

Configuration A

28 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios	Version 15.1(1)sg1
Cisco Ios	Version 15.1(1)sg2
Cisco Ios	Version 15.1(1)sg
Cisco Ios	Version 15.1(1)sy1
Cisco Ios	Version 15.1(1)sy2
Cisco Ios	Version 15.1(1)sy3
Cisco Ios	Version 15.1(1)sy4
Cisco Ios	Version 15.1(1)sy5
Cisco Ios	Version 15.1(1)sy6
Cisco Ios	Version 15.1(1)sy
Cisco Ios	Version 15.1(2)sg1
Cisco Ios	Version 15.1(2)sg2
Cisco Ios	Version 15.1(2)sg3
Cisco Ios	Version 15.1(2)sg4
Cisco Ios	Version 15.1(2)sg5
Cisco Ios	Version 15.1(2)sg6
Cisco Ios	Version 15.1(2)sg7
Cisco Ios	Version 15.1(2)sg
Cisco Ios	Version 15.1(2)sy1
Cisco Ios	Version 15.1(2)sy2
Cisco Ios	Version 15.1(2)sy3
Cisco Ios	Version 15.1(2)sy4
Cisco Ios	Version 15.1(2)sy4a
Cisco Ios	Version 15.1(2)sy5
Cisco Ios	Version 15.1(2)sy6
Cisco Ios	Version 15.1(2)sy7
Cisco Ios	Version 15.1(2)sy8
Cisco Ios	Version 15.1(2)sy

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1035566

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1035566

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.