漏洞关键信息 Advisory ID: cisco-sa-20160215-ie2000 CVE ID: CVE-2016-1330 CWE ID: CWE-399 CVSS Score: Base 6.1, Temporal 5.8 Severity: Medium Affected Products: - Cisco Industrial Ethernet 2000 Series Switches running Cisco IOS Software Release 15.2(4)E are vulnerable. Issue: - A vulnerability in the processing of Cisco Discovery Protocol (CDP) packets by Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload. - The vulnerability is due to improper processing of crafted CDP packets. Workarounds: No workarounds available. Fixed Software: customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution. Exploitation Status: The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability. URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160215-ie2000 Revision History: - Version 1.0 - Initial public release, Final status, 2016-February-15