Lucene search

CiscoCVE-2016-6414

HistorySep 22, 2016 - 10:59 p.m.

CVE-2016-6414

2016-09-2222:59:23

CWE-78

cisco

web.nvd.nist.gov

cve-2016-6414

cisco

ios

ios xe

security vulnerability

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.

Affected configurations

Nvd

Node

ciscoiosMatch15.6\(1\)t1

VendorProductVersionCPE
ciscoios15.6(1)t1cpe:2.3:o:cisco:ios:15.6\(1\)t1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.6(1)t1	cpe:2.3:o:cisco:ios:15.6\(1\)t1:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox

www.securityfocus.com/bid/93091

www.securitytracker.com/id/1036876

Social References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

Related for CVE-2016-6414