CVE-2016-1366

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.

Los módulos SCP y SFTP en Cisco IOS XR 5.0.0 hasta la versión 5.2.5 en dispositivos Network Convergence System 6000 utilizan permisos débiles para archivos de sistema, lo que permite a usuarios remotos autenticados causar una denegación de servicio (sobrescritura) a través de vectores no especificados, también conocida como Bug ID CSCuw75848.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-01-04 CVE Reserved
2016-03-24 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (2)

URL	Tag	Source
http://www.securitytracker.com/id/1035407	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs	2016-12-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Xr Search vendor "Cisco" for product "Ios Xr"				5.0.0 Search vendor "Cisco" for product "Ios Xr" and version "5.0.0"		-		Affected
Cisco Search vendor "Cisco"		Ios Xr Search vendor "Cisco" for product "Ios Xr"				5.0.1 Search vendor "Cisco" for product "Ios Xr" and version "5.0.1"		-		Affected
Cisco Search vendor "Cisco"		Ios Xr Search vendor "Cisco" for product "Ios Xr"				5.2.1 Search vendor "Cisco" for product "Ios Xr" and version "5.2.1"		-		Affected
Cisco Search vendor "Cisco"		Ios Xr Search vendor "Cisco" for product "Ios Xr"				5.2.3 Search vendor "Cisco" for product "Ios Xr" and version "5.2.3"		-		Affected
Cisco Search vendor "Cisco"		Ios Xr Search vendor "Cisco" for product "Ios Xr"				5.2.4 Search vendor "Cisco" for product "Ios Xr" and version "5.2.4"		-		Affected
Cisco Search vendor "Cisco"		Ios Xr Search vendor "Cisco" for product "Ios Xr"				5.2.5 Search vendor "Cisco" for product "Ios Xr" and version "5.2.5"		-		Affected