CVE-2016-6410 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 45.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedSep 24

Latest updateMay 17

Description

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/ios15.5\(2\)t

🔴Vulnerability Details

GHSA

GHSA-mpxw-9793-rp52: The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15↗2022-05-17

▶

CVEList

CVE-2016-6410: The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15↗2016-09-24

▶

📋Vendor Advisories

Cisco

Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability↗2016-09-21

▶