CVE-2016-6412Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 64.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 24
Latest updateMay 17

Description

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios15.6\(1\)t1

🔴Vulnerability Details

2
GHSA
GHSA-v573-qcx7-25pj: The Cisco Application-hosting Framework (CAF) component in Cisco IOS 152022-05-17
CVEList
CVE-2016-6412: The Cisco Application-hosting Framework (CAF) component in Cisco IOS 152016-09-24

📋Vendor Advisories

1
Cisco
Cisco Application-Hosting Framework HTTP Header Injection Vulnerability2016-09-21
CVE-2016-6412 — Improper Input Validation in Cisco IOS | cvebase