Test ID:	1.3.6.1.4.1.25623.1.0.106298
Category:	CISCO
Title:	Cisco IOS XE Software DNS Forwarder Denial of Service Vulnerability
Summary:	A vulnerability in the DNS forwarder functionality of Cisco IOS XE Software;could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present;in the device's local DNS cache, or read part of the process memory.
Description:	Summary: A vulnerability in the DNS forwarder functionality of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory. Vulnerability Insight: The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by intercepting and crafting a DNS response message to a client DNS query that was forwarded from the affected device to a DNS server. Vulnerability Impact: A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Solution: See the referenced vendor advisory for a solution. CVSS Score: 8.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6380 BugTraq ID: 93201 http://www.securityfocus.com/bid/93201 Cisco Security Advisory: 20160928 Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04 http://www.securitytracker.com/id/1036914
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.