How severe is CVE-2016-6474?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2016-6474?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2016-6474 - HIGH Severity | CVSS 7.3

Vulnerability Description

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases: 15.5(2.25)T. Known Fixed Releases: 15.2(4)E1 15.2(4)E2 15.2(4)E3 15.2(4)EA4 15.2(4.0r)EB 15.2(4.1.27)EB 15.2(4.4.2)EA4 15.2(4.7.1)EC 15.2(4.7.2)EC 15.2(5.1.1)E 15.2(5.5.63)E 15.2(5.5.64)E 15.4(1)IA1.80 15.5(3)M1.1 15.5(3)M2 15.5(3)S1.4 15.5(3)S2 15.6(0.22)S0.12 15.6(1)T0.1 15.6(1)T1 15.6(1.15)T 15.6(1.17)S0.7 15.6(1.17)SP 15.6(1.22.1a)T0 15.6(2)S 15.6(2)SP 16.1(1.24) 16.1.2 16.2(0.247) 16.3(0.11) 3.8(1)E Denali-16.1.2.

Related Vulnerabilities

CVE-2014-0097

HIGH

CVSS:7.3(High)

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authentica...

CWE-2872014

CVE-2015-1772

HIGH

CVSS:7.3(High)

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthe...

CWE-2872015

CVE-2016-0755

HIGH

CVSS:7.3(High)

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via...

CWE-2872016

CVE-2016-1502

HIGH

CVSS:7.3(High)

NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.

CWE-2872016

CVE-2016-4860

HIGH

CVSS:7.3(High)

Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of ser...

CWE-2872016

CVE-2017-2101

HIGH

CVSS:7.3(High)

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.

CWE-2872017