ID

VAR-201609-0320


CVE

CVE-2016-6410


TITLE

Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-08199 // CNNVD: CNNVD-201609-504

DESCRIPTION

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy19856. A remote authenticated user may be able to read arbitrary files. Cisco IOS and IOS XE Software are operating systems developed by Cisco Systems for their network devices. This may lead to further attacks. This issue is being tracked by Cisco bug ID CSCuy19856. Cisco Application-hosting Framework (CAF) is one of the application-hosting framework components

Trust: 2.52

sources: NVD: CVE-2016-6410 // JVNDB: JVNDB-2016-004900 // CNVD: CNVD-2016-08199 // BID: 93090 // VULHUB: VHN-95230

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-08199

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 15.5(2)t

Trust: 1.6

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 1.4

vendor: cisco, model: ios, scope: eq, version: 15.5(2)t

Trust: 0.8

vendor: cisco, model: ios 15.6 t, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-08199 // BID: 93090 // JVNDB: JVNDB-2016-004900 // CNNVD: CNNVD-201609-504 // NVD: CVE-2016-6410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6410
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6410
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-08199
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-504
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95230
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6410
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08199
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95230
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6410
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-08199 // VULHUB: VHN-95230 // JVNDB: JVNDB-2016-004900 // CNNVD: CNNVD-201609-504 // NVD: CVE-2016-6410

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-95230 // JVNDB: JVNDB-2016-004900 // NVD: CVE-2016-6410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-504

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201609-504

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004900

PATCH

title: cisco-sa-20160921-caf, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf

Trust: 0.8

title: Patch for Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/81794

Trust: 0.6

title: Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability Repair Measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64241

Trust: 0.6

sources: CNVD: CNVD-2016-08199 // JVNDB: JVNDB-2016-004900 // CNNVD: CNNVD-201609-504

EXTERNAL IDS

db: NVD, id: CVE-2016-6410

Trust: 3.4

db: BID, id: 93090

Trust: 2.6

db: SECTRACK, id: 1036873

Trust: 1.1

db: JVNDB, id: JVNDB-2016-004900

Trust: 0.8

db: CNNVD, id: CNNVD-201609-504

Trust: 0.7

db: CNVD, id: CNVD-2016-08199

Trust: 0.6

db: VULHUB, id: VHN-95230

Trust: 0.1

sources: CNVD: CNVD-2016-08199 // VULHUB: VHN-95230 // BID: 93090 // JVNDB: JVNDB-2016-004900 // CNNVD: CNNVD-201609-504 // NVD: CVE-2016-6410

REFERENCES

url: http://www.securityfocus.com/bid/93090

Trust: 2.3

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160921-caf

Trust: 2.0

url: http://www.securitytracker.com/id/1036873

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6410

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6410

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-08199 // VULHUB: VHN-95230 // BID: 93090 // JVNDB: JVNDB-2016-004900 // CNNVD: CNNVD-201609-504 // NVD: CVE-2016-6410

CREDITS

Cisco

Trust: 0.9

sources: BID: 93090 // CNNVD: CNNVD-201609-504

SOURCES

db: CNVD, id: CNVD-2016-08199
db: VULHUB, id: VHN-95230
db: BID, id: 93090
db: JVNDB, id: JVNDB-2016-004900
db: CNNVD, id: CNNVD-201609-504
db: NVD, id: CVE-2016-6410

LAST UPDATE DATE

2025-04-13T23:09:29.491000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-08199, date: 2016-09-27T00:00:00
db: VULHUB, id: VHN-95230, date: 2017-07-30T00:00:00
db: BID, id: 93090, date: 2016-09-23T00:00:00
db: JVNDB, id: JVNDB-2016-004900, date: 2016-09-28T00:00:00
db: CNNVD, id: CNNVD-201609-504, date: 2016-09-26T00:00:00
db: NVD, id: CVE-2016-6410, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-08199, date: 2016-09-27T00:00:00
db: VULHUB, id: VHN-95230, date: 2016-09-24T00:00:00
db: BID, id: 93090, date: 2016-09-21T00:00:00
db: JVNDB, id: JVNDB-2016-004900, date: 2016-09-28T00:00:00
db: CNNVD, id: CNNVD-201609-504, date: 2016-09-22T00:00:00
db: NVD, id: CVE-2016-6410, date: 2016-09-24T01:59:02.900