Details of VAR-201611-0161

ID

VAR-201611-0161

CVE

CVE-2016-6450

TITLE

Cisco IOS XE Unbundled package utility gained write access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-005908

DESCRIPTION

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). Cisco IOSXE is Cisco's next-generation network operator routing system, a fully modular and fully distributed network interconnection operating system. Cisco IOSXESoftware has a directory traversal vulnerability that stems from a program failing to adequately filter user-supplied input, and an attacker can use path traversal characters (\"../\") to access or read arbitrary files. This issue is being tracked by Cisco Bug ID's CSCva60013 and CSCvb22622

Trust: 2.52

sources: NVD: CVE-2016-6450 // JVNDB: JVNDB-2016-005908 // CNVD: CNVD-2016-11322 // BID: 94340 // VULHUB: VHN-95270

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-11322

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1.1	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1.2	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1.3	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.2.1	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.2.2	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.2ae	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.3e	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.4e	Trust: 2.4
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.1e	Trust: 2.4
vendor:	cisco	model:	series wireless lan controllers	scope:	eq	version:	5700	Trust: 0.6
vendor:	cisco	model:	catalyst series switches	scope:	eq	version:	3650	Trust: 0.6
vendor:	cisco	model:	catalyst series switches	scope:	eq	version:	3850	Trust: 0.6
vendor:	cisco	model:	catalyst 4500e series switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst series switches	scope:	eq	version:	4500x	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2016-11322 // BID: 94340 // JVNDB: JVNDB-2016-005908 // CNNVD: CNNVD-201611-427 // NVD: CVE-2016-6450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6450
value:	LOW
Trust: 1.0
NVD:	CVE-2016-6450
value:	LOW
Trust: 0.8
CNVD:	CNVD-2016-11322
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201611-427
value:	LOW
Trust: 0.6
VULHUB:	VHN-95270
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-6450
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-11322
severity:	LOW
baseScore:	1.5
vectorString:	AV:L/AC:M/AU:S/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	2.7
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-95270
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6450
baseSeverity:	LOW
baseScore:	2.5
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.0
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-11322 // VULHUB: VHN-95270 // JVNDB: JVNDB-2016-005908 // CNNVD: CNNVD-201611-427 // NVD: CVE-2016-6450

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-95270 // JVNDB: JVNDB-2016-005908 // NVD: CVE-2016-6450

THREAT TYPE

local

Trust: 0.9

sources: BID: 94340 // CNNVD: CNNVD-201611-427

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201611-427

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005908

PATCH

title:	cisco-sa-20161115-iosxe	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe	Trust: 0.8
title:	Cisco IOSXESoftware Directory Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/84091	Trust: 0.6
title:	Cisco IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65769	Trust: 0.6

sources: CNVD: CNVD-2016-11322 // JVNDB: JVNDB-2016-005908 // CNNVD: CNNVD-201611-427

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6450	Trust: 3.4
db:	BID	id:	94340	Trust: 2.6
db:	SECTRACK	id:	1037299	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-005908	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-427	Trust: 0.7
db:	CNVD	id:	CNVD-2016-11322	Trust: 0.6
db:	VULHUB	id:	VHN-95270	Trust: 0.1

sources: CNVD: CNVD-2016-11322 // VULHUB: VHN-95270 // BID: 94340 // JVNDB: JVNDB-2016-005908 // CNNVD: CNNVD-201611-427 // NVD: CVE-2016-6450

REFERENCES

url:	http://www.securityfocus.com/bid/94340	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161115-iosxe	Trust: 2.0
url:	http://www.securitytracker.com/id/1037299	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6450	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6450	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-11322 // VULHUB: VHN-95270 // BID: 94340 // JVNDB: JVNDB-2016-005908 // CNNVD: CNNVD-201611-427 // NVD: CVE-2016-6450

CREDITS

Maksim Malyutin of Digital Security Ltd.

Trust: 0.9

sources: BID: 94340 // CNNVD: CNNVD-201611-427

SOURCES

db:	CNVD	id:	CNVD-2016-11322
db:	VULHUB	id:	VHN-95270
db:	BID	id:	94340
db:	JVNDB	id:	JVNDB-2016-005908
db:	CNNVD	id:	CNNVD-201611-427
db:	NVD	id:	CVE-2016-6450

LAST UPDATE DATE

2024-11-23T22:38:42.962000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11322	date:	2016-11-21T00:00:00
db:	VULHUB	id:	VHN-95270	date:	2017-07-28T00:00:00
db:	BID	id:	94340	date:	2016-11-24T01:10:00
db:	JVNDB	id:	JVNDB-2016-005908	date:	2016-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201611-427	date:	2016-11-22T00:00:00
db:	NVD	id:	CVE-2016-6450	date:	2024-11-21T02:56:09.453

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-11322	date:	2016-11-21T00:00:00
db:	VULHUB	id:	VHN-95270	date:	2016-11-19T00:00:00
db:	BID	id:	94340	date:	2016-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-005908	date:	2016-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201611-427	date:	2016-11-22T00:00:00
db:	NVD	id:	CVE-2016-6450	date:	2016-11-19T03:02:59.117