CVE-2016-6393

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.0 through 12.4 and 15.0 through 15.6 Cisco IOS XE versions 2.1 through 3.18 and 16.2

Description The issue is related to the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections. It allows an unauthenticated, remote attacker to cause the vulnerable device to reload due to an error log message generated when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this by attempting to authenticate to the targeted device, potentially causing a denial of service (DoS) condition.

Recommendations For Cisco IOS versions 12.0 through 12.4 and 15.0 through 15.6, update to a version that includes the software updates released by Cisco to address this issue. For Cisco IOS XE versions 2.1 through 3.18 and 16.2, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider implementing the workaround provided by Cisco that addresses this vulnerability.