ID

VAR-201609-0324


CVE

CVE-2016-6414


TITLE

Arbitrary IOx Linux command execution vulnerability on the guest OS in iox of Cisco IOS and IOS XE

Trust: 0.8

sources: JVNDB: JVNDB-2016-004898

DESCRIPTION

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. Both Cisco IOS and IOS XE are operating systems developed by Cisco for its network devices. Iox is one of the end-to-end application support system components that provide application hosting capabilities. An attacker could exploit this vulnerability to execute arbitrary IOx Linux commands on a user's operating system with a specially crafted iox command-line option.

Trust: 2.52

sources: NVD: CVE-2016-6414 // JVNDB: JVNDB-2016-004898 // CNVD: CNVD-2016-08201 // BID: 93091 // VULHUB: VHN-95234

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-08201

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 15.6(1)t1

Trust: 1.6

vendor: cisco, model: ios, scope: lte, version: 15.6

Trust: 0.8

vendor: cisco, model: ios xe, scope: lte, version: 3.18

Trust: 0.8

vendor: cisco, model: ios, scope: lte, version: <=15.6

Trust: 0.6

vendor: cisco, model: ios xe, scope: lte, version: <=3.18

Trust: 0.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-08201 // BID: 93091 // JVNDB: JVNDB-2016-004898 // CNNVD: CNNVD-201609-507 // NVD: CVE-2016-6414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6414
value: HIGH

Trust: 1.0

NVD: CVE-2016-6414
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-08201
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-507
value: HIGH

Trust: 0.6

VULHUB: VHN-95234
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6414
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08201
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95234
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6414
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-08201 // VULHUB: VHN-95234 // JVNDB: JVNDB-2016-004898 // CNNVD: CNNVD-201609-507 // NVD: CVE-2016-6414

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.9

sources: VULHUB: VHN-95234 // JVNDB: JVNDB-2016-004898 // NVD: CVE-2016-6414

THREAT TYPE

local

Trust: 0.9

sources: BID: 93091 // CNNVD: CNNVD-201609-507

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201609-507

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004898

PATCH

title: cisco-sa-20160921-iox, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox

Trust: 0.8

sources: JVNDB: JVNDB-2016-004898

EXTERNAL IDS

db: NVD, id: CVE-2016-6414

Trust: 3.4

db: BID, id: 93091

Trust: 2.6

db: SECTRACK, id: 1036876

Trust: 1.1

db: JVNDB, id: JVNDB-2016-004898

Trust: 0.8

db: CNNVD, id: CNNVD-201609-507

Trust: 0.7

db: CNVD, id: CNVD-2016-08201

Trust: 0.6

db: VULHUB, id: VHN-95234

Trust: 0.1

sources: CNVD: CNVD-2016-08201 // VULHUB: VHN-95234 // BID: 93091 // JVNDB: JVNDB-2016-004898 // CNNVD: CNNVD-201609-507 // NVD: CVE-2016-6414

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160921-iox

Trust: 2.6

url: http://www.securityfocus.com/bid/93091

Trust: 2.3

url: http://www.securitytracker.com/id/1036876

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6414

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6414

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-08201 // VULHUB: VHN-95234 // BID: 93091 // JVNDB: JVNDB-2016-004898 // CNNVD: CNNVD-201609-507 // NVD: CVE-2016-6414

CREDITS

Cisco

Trust: 0.9

sources: BID: 93091 // CNNVD: CNNVD-201609-507

SOURCES

db: CNVD, id: CNVD-2016-08201
db: VULHUB, id: VHN-95234
db: BID, id: 93091
db: JVNDB, id: JVNDB-2016-004898
db: CNNVD, id: CNNVD-201609-507
db: NVD, id: CVE-2016-6414

LAST UPDATE DATE

2025-04-13T23:14:14.106000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-08201, date: 2016-09-27T00:00:00
db: VULHUB, id: VHN-95234, date: 2017-07-30T00:00:00
db: BID, id: 93091, date: 2016-09-23T00:00:00
db: JVNDB, id: JVNDB-2016-004898, date: 2016-09-28T00:00:00
db: CNNVD, id: CNNVD-201609-507, date: 2016-09-23T00:00:00
db: NVD, id: CVE-2016-6414, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-08201, date: 2016-09-27T00:00:00
db: VULHUB, id: VHN-95234, date: 2016-09-22T00:00:00
db: BID, id: 93091, date: 2016-09-21T00:00:00
db: JVNDB, id: JVNDB-2016-004898, date: 2016-09-28T00:00:00
db: CNNVD, id: CNNVD-201609-507, date: 2016-09-22T00:00:00
db: NVD, id: CVE-2016-6414, date: 2016-09-22T22:59:23.223