Lucene search

[email protected]CVE-2016-6450

HistoryNov 19, 2016 - 3:02 a.m.

CVE-2016-6450

2016-11-1903:02:59

CWE-20

[email protected]

web.nvd.nist.gov

cisco

vulnerability

unbundle

ios xe software

write access

cve-2016-6450

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

2.5 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).

Affected configurations

NVD

Node

ciscoios_xeMatch3.6.2ae

ciscoios_xeMatch3.6.3e

ciscoios_xeMatch3.6.4e

ciscoios_xeMatch3.8.1e

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.2.2

ciscoios_xeMatch16.3.1

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq3.6.2ae
cisco:ios_xecisco ios xeeq3.6.3e
cisco:ios_xecisco ios xeeq3.6.4e
cisco:ios_xecisco ios xeeq3.8.1e
cisco:ios_xecisco ios xeeq16.1.1
cisco:ios_xecisco ios xeeq16.1.2
cisco:ios_xecisco ios xeeq16.1.3
cisco:ios_xecisco ios xeeq16.2.1
cisco:ios_xecisco ios xeeq16.2.2
cisco:ios_xecisco ios xeeq16.3.1

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	3.6.2ae
cisco:ios_xe	cisco ios xe	eq	3.6.3e
cisco:ios_xe	cisco ios xe	eq	3.6.4e
cisco:ios_xe	cisco ios xe	eq	3.8.1e
cisco:ios_xe	cisco ios xe	eq	16.1.1
cisco:ios_xe	cisco ios xe	eq	16.1.2
cisco:ios_xe	cisco ios xe	eq	16.1.3
cisco:ios_xe	cisco ios xe	eq	16.2.1
cisco:ios_xe	cisco ios xe	eq	16.2.2
cisco:ios_xe	cisco ios xe	eq	16.3.1

CNA Affected

[
  {
    "product": "Cisco IOS XE 3.7(0) through Denali-16.3.1",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE 3.7(0) through Denali-16.3.1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94340

www.securitytracker.com/id/1037299

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe

Social References

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

2.5 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-6450

openvas1 prion1 nvd1 cisco1 cvelist1