CVE-2016-6450

Published on: 11/18/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:10 PM UTC

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Certain versions of Cisco IOS XE contain the following vulnerability:

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).

  • CVE-2016-6450 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.

CVSS3 Score: 2.5 - LOW

Attack Vector | Attack Complexity | Privileges Required | User Interaction
LOCAL | HIGH | LOW | NONE

Scope | Confidentiality Impact | Integrity Impact | Availability Impact
UNCHANGED | NONE | LOW | NONE

CVSS2 Score: 1.9 - LOW

Access Vector | Access Complexity | Authentication
LOCAL | MEDIUM | NONE

Confidentiality Impact | Integrity Impact | Availability Impact
NONE | PARTIAL | NONE

CVE References

Description | Tags | Link
Cisco IOS XE Software CVE-2016-6450 Local Directory Traversal Vulnerability | | cve.report (archive), text/html, BID 94340
Cisco IOS XE Software Directory Traversal Vulnerability | Vendor Advisory | tools.cisco.com, text/html, CONFIRM tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe
Cisco IOS XE Flaw in 'package unbundle' Utility Lets Local Users Modify Files on the Target System - SecurityTracker | | www.securitytracker.com, text/html, SECTRACK 1037299

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Cisco | IOS XE | 16.1.1 | All | All | All
Operating System | Cisco | IOS XE | 16.1.2 | All | All | All
Operating System | Cisco | IOS XE | 16.1.3 | All | All | All
Operating System | Cisco | IOS XE | 16.2.1 | All | All | All
Operating System | Cisco | IOS XE | 16.2.2 | All | All | All
Operating System | Cisco | IOS XE | 16.3.1 | All | All | All
Operating System | Cisco | IOS XE | 3.6.2ae | All | All | All
Operating System | Cisco | IOS XE | 3.6.3e | All | All | All
Operating System | Cisco | IOS XE | 3.6.4e | All | All | All
Operating System | Cisco | IOS XE | 3.8.1e | All | All | All

CiscoIos Xe16.1.1AllAllAll
Operating
System
CiscoIos Xe16.1.2AllAllAll
Operating
System
CiscoIos Xe16.1.3AllAllAll
Operating
System
CiscoIos Xe16.2.1AllAllAll
Operating
System
CiscoIos Xe16.2.2AllAllAll
Operating
System
CiscoIos Xe16.3.1AllAllAll
Operating
System
CiscoIos Xe3.6.2aeAllAllAll
Operating
System
CiscoIos Xe3.6.3eAllAllAll
Operating
System
CiscoIos Xe3.6.4eAllAllAll
Operating
System
CiscoIos Xe3.8.1eAllAllAll
  • cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:3.6.2ae:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:3.6.3e:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:3.6.4e:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xe:3.8.1e:*:*:*:*:*:*:*: