CVE-2016-6450: Improper Input Validation in Cisco IOS XE

Severity
2.5 LOW (NVD)
EPSS
0.1%
top 80.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 19
Latest update: May 17

Description

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.0 | Impact: 1.4

Affected Packages (1 package)

NVD: cisco/ios_xe, 10 versions (+9)

🔴 Vulnerability Details (2)

GHSA
GHSA-98rg-j7wr-2x79: A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some fil (2022-05-17)
CVEList
CVE-2016-6450: A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some fil (2016-11-19)

📋 Vendor Advisories (1)

Cisco
Cisco IOS XE Software Directory Traversal Vulnerability (2016-11-15)