CVE-2016-1366Cisco IOS XR vulnerability

CWE-2644 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 63.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedMar 24
Latest updateMay 17

Description

The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios_xr6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-2mxp-83cx-hqmp: The SCP and SFTP modules in Cisco IOS XR 52022-05-17
CVEList
CVE-2016-1366: The SCP and SFTP modules in Cisco IOS XR 52016-03-24

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability2016-03-23
CVE-2016-1366 — Cisco IOS XR vulnerability | cvebase