Lucene search

CiscoCVE-2016-6405

HistorySep 18, 2016 - 10:59 p.m.

CVE-2016-6405

2016-09-1822:59:14

CWE-20

cisco

web.nvd.nist.gov

cisco

fog director

iox

remote authenticated users

access restrictions

arbitrary files

cartridge interface

cve-2016-6405

bug id cscuz89368

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.

Affected configurations

Nvd

Node

ciscofog_directorMatch1.0\(0\)

VendorProductVersionCPE
ciscofog_director1.0(0)cpe:2.3:a:cisco:fog_director:1.0\(0\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	fog_director	1.0(0)	cpe:2.3:a:cisco:fog_director:1.0\(0\):::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ioxfd

www.securityfocus.com/bid/92958

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Related for CVE-2016-6405