Lucene search

CiscoCVE-2016-6450

HistoryNov 19, 2016 - 3:02 a.m.

CVE-2016-6450

2016-11-1903:02:59

CWE-20

cisco

web.nvd.nist.gov

cisco

vulnerability

unbundle

ios xe software

write access

cve-2016-6450

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

3.9

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).

Affected configurations

Nvd

Node

ciscoios_xeMatch3.6.2ae

ciscoios_xeMatch3.6.3e

ciscoios_xeMatch3.6.4e

ciscoios_xeMatch3.8.1e

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.2.2

ciscoios_xeMatch16.3.1

VendorProductVersionCPE
ciscoios_xe3.6.2aecpe:2.3:o:cisco:ios_xe:3.6.2ae:*:*:*:*:*:*:*
ciscoios_xe3.6.3ecpe:2.3:o:cisco:ios_xe:3.6.3e:*:*:*:*:*:*:*
ciscoios_xe3.6.4ecpe:2.3:o:cisco:ios_xe:3.6.4e:*:*:*:*:*:*:*
ciscoios_xe3.8.1ecpe:2.3:o:cisco:ios_xe:3.8.1e:*:*:*:*:*:*:*
ciscoios_xe16.1.1cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*
ciscoios_xe16.1.2cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*
ciscoios_xe16.1.3cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*
ciscoios_xe16.2.1cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*
ciscoios_xe16.2.2cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*
ciscoios_xe16.3.1cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.6.2ae	cpe:2.3:o:cisco:ios_xe:3.6.2ae:::::::*
cisco	ios_xe	3.6.3e	cpe:2.3:o:cisco:ios_xe:3.6.3e:::::::*
cisco	ios_xe	3.6.4e	cpe:2.3:o:cisco:ios_xe:3.6.4e:::::::*
cisco	ios_xe	3.8.1e	cpe:2.3:o:cisco:ios_xe:3.8.1e:::::::*
cisco	ios_xe	16.1.1	cpe:2.3:o:cisco:ios_xe:16.1.1:::::::*
cisco	ios_xe	16.1.2	cpe:2.3:o:cisco:ios_xe:16.1.2:::::::*
cisco	ios_xe	16.1.3	cpe:2.3:o:cisco:ios_xe:16.1.3:::::::*
cisco	ios_xe	16.2.1	cpe:2.3:o:cisco:ios_xe:16.2.1:::::::*
cisco	ios_xe	16.2.2	cpe:2.3:o:cisco:ios_xe:16.2.2:::::::*
cisco	ios_xe	16.3.1	cpe:2.3:o:cisco:ios_xe:16.3.1:::::::*

CNA Affected

[
  {
    "product": "Cisco IOS XE 3.7(0) through Denali-16.3.1",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE 3.7(0) through Denali-16.3.1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94340

www.securitytracker.com/id/1037299

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe

Social References

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

3.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-6450