Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6450


A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).


Published

2016-11-19T03:02:59.117

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 2.5 (LOW)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

3.4

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios_xe 3.6.2ae Yes
Operating System cisco ios_xe 3.6.3e Yes
Operating System cisco ios_xe 3.6.4e Yes
Operating System cisco ios_xe 3.8.1e Yes
Operating System cisco ios_xe 16.1.1 Yes
Operating System cisco ios_xe 16.1.2 Yes
Operating System cisco ios_xe 16.1.3 Yes
Operating System cisco ios_xe 16.2.1 Yes
Operating System cisco ios_xe 16.2.2 Yes
Operating System cisco ios_xe 16.3.1 Yes

References