CVE-2016-6474

Name of the Vulnerable Software and Affected Versions Cisco IOS and IOS XE Software versions prior to 15.2(4)E1 Cisco IOS and IOS XE Software versions prior to 15.2(4)E2 Cisco IOS and IOS XE Software versions prior to 15.2(4)E3 Cisco IOS and IOS XE Software versions prior to 15.2(4)EA4 Cisco IOS and IOS XE Software versions prior to 15.2(4.0r)EB Cisco IOS and IOS XE Software versions prior to 15.2(4.1.27)EB Cisco IOS and IOS XE Software versions prior to 15.2(4.4.2)EA4 Cisco IOS and IOS XE Software versions prior to 15.2(4.7.1)EC Cisco IOS and IOS XE Software versions prior to 15.2(4.7.2)EC Cisco IOS and IOS XE Software versions prior to 15.2(5.1.1)E Cisco IOS and IOS XE Software versions prior to 15.2(5.5.63)E Cisco IOS and IOS XE Software versions prior to 15.2(5.5.64)E Cisco IOS and IOS XE Software versions prior to 15.4(1)IA1.80 Cisco IOS and IOS XE Software versions prior to 15.5(3)M1.1 Cisco IOS and IOS XE Software versions prior to 15.5(3)M2 Cisco IOS and IOS XE Software versions prior to 15.5(3)S1.4 Cisco IOS and IOS XE Software versions prior to 15.5(3)S2 Cisco IOS and IOS XE Software versions prior to 15.6(0.22)S0.12 Cisco IOS and IOS XE Software versions prior to 15.6(1)T0.1 Cisco IOS and IOS XE Software versions prior to 15.6(1)T1 Cisco IOS and IOS XE Software versions prior to 15.6(1.15)T Cisco IOS and IOS XE Software versions prior to 15.6(1.17)S0.7 Cisco IOS and IOS XE Software versions prior to 15.6(1.17)SP Cisco IOS and IOS XE Software versions prior to 15.6(1.22.1a)T0 Cisco IOS and IOS XE Software versions prior to 15.6(2)S Cisco IOS and IOS XE Software versions prior to 15.6(2)SP Cisco IOS and IOS XE Software versions prior to 16.1(1.24) Cisco IOS and IOS XE Software versions prior to 16.1.2 Cisco IOS and IOS XE Software versions prior to 16.2(0.247) Cisco IOS and IOS XE Software versions prior to 16.3(0.11) Cisco IOS and IOS XE Software versions prior to 3.8(1)E Cisco IOS and IOS XE Software version 15.5(2.25)T

Description A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to improper validation of X.509 signatures during the SSH authentication phase. An attacker could exploit this vulnerability by presenting an invalid X.509 signature to an affected system. A successful exploit could allow the attacker to impersonate an existing valid user over an SSH connection.

Recommendations For Cisco IOS and IOS XE Software version 15.5(2.25)T, update to a fixed release. For Cisco IOS and IOS XE Software versions prior to 15.2(4)E1, update to version 15.2(4)E1 or later. For Cisco IOS and IOS XE Software versions prior to 15.2(4)E2, update to version 15.2(4)E2 or later. For Cisco IOS and IOS XE Software versions prior to 15.2(4)E3, update to version 15.2(4)E3 or later. For Cisco IOS and IOS XE Software versions prior to 15.2(4)EA4, update to version 15.2(4)EA4 or later. For Cisco IOS and IOS XE Software versions prior to 15.2(4.0r)EB, update to version 15.2(4.0r)EB or later. For Cisco IOS and IOS XE Software versions prior to 15.2(4.1.27)EB, update to version 15.2(4.1.27)EB or later. For Cisco IOS and IOS XE Software versions prior to 15.2(4.4.2)EA4, update to version 15.2(4.4.2)EA4 or later. For Cisco IOS and IOS XE Software versions prior to 15.2(4.7.1)EC, update to version 15.2(4.7.1)EC or later. For Cisco IOS and IOS XE Software versions prior to 15.2(4.7.2)EC, update to version 15.2(4.7.2)EC or later. For Cisco IOS and IOS XE Software versions prior to 15.2(5.1.1)E, update to version 15.2(5.1.1)E or later. For Cisco IOS and IOS XE Software versions prior to 15.2(5.5.63)E, update to version 15.2(5.5.63)E or later. For Cisco IOS and IOS XE Software versions prior to 15.2(5.5.64)E, update to version 15.2(5.5.64)E or later. For Cisco IOS and IOS XE Software versions prior to 15.4(1)IA1.80, update to version 15.4(1)IA1.80 or later. For Cisco IOS and IOS XE Software versions prior to 15.5(3)M1.1, update to version 15.5(3)M1.1 or later. For Cisco IOS and IOS XE Software versions prior to 15.5(3)M2, update to version 15.5(3)M2 or later. For Cisco IOS and IOS XE Software versions prior to 15.5(3)S1.4, update to version 15.5(3)S1.4 or later. For Cisco IOS and IOS XE Software versions prior to 15.5(3)S2, update to version 15.5(3)S2 or later. For Cisco IOS and IOS XE Software versions prior to 15.6(0.22)S0.12, update to version 15.6(0.22)S0.12 or later. For Cisco IOS and IOS XE Software versions prior to 15.6(1)T0.1, update to version 15.6(1)T0.1 or later. For Cisco IOS and IOS XE Software versions prior to 15.6(1)T1, update to version 15.6(1)T1 or later. For Cisco IOS and IOS XE Software versions prior to 15.6(1.15)T, update to version 15.6(1.15)T or later. For Cisco IOS and IOS XE Software versions prior to 15.6(1.17)S0.7, update to version 15.6(1.17)S0.7 or later. For Cisco IOS and IOS XE Software versions prior to 15.6(1.17)SP, update to version 15.6(1.17)SP or later. For Cisco IOS and IOS XE Software versions prior to 15.6(1.22.1a)T0, update to version 15.6(1.22.1a)T0 or later. For Cisco IOS and IOS XE Software versions prior to 15.6(2)S, update to version 15.6(2)S or later. For Cisco IOS and IOS XE Software versions prior to 15.6(2)SP, update to version 15.6(2)SP or later. For Cisco IOS and IOS XE Software versions prior to 16.1(1.24), update to version 16.1(1.24) or later. For Cisco IOS and IOS XE Software versions prior to 16.1.2, update to version 16.1.2 or later. For Cisco IOS and IOS XE Software versions prior to 16.2(0.247), update to version 16.2(0.247) or later. For Cisco IOS and IOS XE Software versions prior to 16.3(0.11), update to version 16.3(0.11) or later. For Cisco IOS and IOS XE Software versions prior to 3.8(1)E, update to version 3.8(1)E or later.