CVE-2016-6455: A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote ...

Description

A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147.

Metrics

EPSS Probability

1.75%

74.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Cisco	Asr 5000 Software	18.0.0
Cisco	Asr 5000 Software	18.0.0.57828
Cisco	Asr 5000 Software	18.0.0.59167
Cisco	Asr 5000 Software	18.0.0.59211
Cisco	Asr 5000 Software	18.0.l0.59219
Cisco	Asr 5000 Software	18.1.0
Cisco	Asr 5000 Software	18.1.0.59776
Cisco	Asr 5000 Software	18.1.0.59780
Cisco	Asr 5000 Software	18.1_base
Cisco	Asr 5000 Software	18.3.0
Cisco	Asr 5000 Software	18.3_base
Cisco	Asr 5000 Software	18.4.0
Cisco	Asr 5000 Software	19.0.1
Cisco	Asr 5000 Software	19.0.m0.60737
Cisco	Asr 5000 Software	19.0.m0.60828
Cisco	Asr 5000 Software	19.0.m0.61045
Cisco	Asr 5000 Software	19.1.0
Cisco	Asr 5000 Software	19.1.0.61559
Cisco	Asr 5000 Software	19.2.0
Cisco	Asr 5000 Software	19.3.0
Cisco	Asr 5000 Software	20.0.0

References

Timeline

Published: Nov 3, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-6455?

A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147.

How severe is CVE-2016-6455?

Severity scoring for CVE-2016-6455 is pending analysis. The EPSS model estimates a 1.75% probability of exploitation in the next 30 days.

How do I fix CVE-2016-6455?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.