CVE-2016-6450: Input Validation
First published: Sat Nov 19 2016(Updated: )
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Web UI | =3.6.2ae | |
| Cisco IOS XE Web UI | =3.6.3e | |
| Cisco IOS XE Web UI | =3.6.4e | |
| Cisco IOS XE Web UI | =3.8.1e | |
| Cisco IOS XE Web UI | =16.1.1 | |
| Cisco IOS XE Web UI | =16.1.2 | |
| Cisco IOS XE Web UI | =16.1.3 | |
| Cisco IOS XE Web UI | =16.2.1 | |
| Cisco IOS XE Web UI | =16.2.2 | |
| Cisco IOS XE Web UI | =16.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6450?
CVE-2016-6450 has a medium severity rating allowing local authenticated attackers to gain write access to system files.
How do I fix CVE-2016-6450?
The best fix for CVE-2016-6450 is to upgrade to a version of Cisco IOS XE that is not affected by the vulnerability.
Which Cisco IOS XE versions are affected by CVE-2016-6450?
CVE-2016-6450 affects multiple versions including 3.6.2ae, 3.6.3e, 3.6.4e, 3.8.1e, and several 16.x versions up to 16.3.1.
What types of access does CVE-2016-6450 allow attackers?
CVE-2016-6450 allows authenticated, local attackers to gain write access to the underlying operating system files.
Who is impacted by CVE-2016-6450?
Network administrators using vulnerable versions of Cisco IOS XE Software are impacted by CVE-2016-6450.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/event
- agent/first-publish-date
- agent/description
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios xe web ui
- version/cisco ios xe web ui/3.6.2ae
- version/cisco ios xe web ui/3.6.3e
- version/cisco ios xe web ui/3.6.4e
- version/cisco ios xe web ui/3.8.1e
- version/cisco ios xe web ui/16.1.1
- version/cisco ios xe web ui/16.1.2
- version/cisco ios xe web ui/16.1.3
- version/cisco ios xe web ui/16.2.1
- version/cisco ios xe web ui/16.2.2
- version/cisco ios xe web ui/16.3.1