Cyber Resilience

CVE-2016-6415

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 19 September 2016

Modified: 22 April 2026
KEV Added: 19 May 2023
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9268 (99.8th percentile)
Risk Priority: 91 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2016-6415 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Cisco IOS. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 0.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability tracked as CVE-2016-6415 is an information exposure flaw (CWE-200) in the IKEv1 server implementation on Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX software before 7.0. It is triggered when a device processes a Security Association negotiation request, allowing an attacker to read sensitive data from device memory; the issue is also referenced by Cisco Bug IDs CSCvb29204 and CSCvb36055 and the name BENIGNCERTAIN.

Remote unauthenticated attackers can exploit the flaw over the network by sending a crafted IKEv1 SA negotiation request, resulting in disclosure of sensitive information from the affected device's memory with no impact on integrity or availability.

The referenced Cisco Security Advisory cisco-sa-20160916-ikev1 describes the affected products and provides mitigation guidance for customers running the listed IOS, IOS XE, IOS XR, and PIX releases. No public details on observed in-the-wild exploitation are supplied in the available references.

EU & UK References

Vulnerability details

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

CWE(s)
KEV Date Added: 19 May 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco ios: 12.2 — 12.4 · 15.0 — 15.6
cisco ios xe: ≤ 3.18s
cisco ios xr: 4.3.0 — 4.3.4 · 5.0.0 — 5.3.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires timely remediation of the known IKEv1 memory-disclosure flaw (CSCvb29204) via patches or upgrades.

Prevent: Requires validation of IKEv1 SA negotiation inputs to reject crafted requests that trigger unauthorized memory reads.

Prevent: Boundary-protection rules can restrict IKEv1 (UDP 500/4500) exposure to only trusted peers, reducing the attack surface for unauthenticated remote exploitation.

References