Directory traversal vulnerability - CVE-2016-1434

 


Published: June 21, 2016 / Updated: June 24, 2016


Vulnerability identifier: #VU14
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-1434
CWE-ID: CWE-400
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a local attacker to delete arbitrary files on the device.

The vulnerability exists due to insufficient validation of user input. A local user can delete arbitrary files on the device using directory traversal sequences via the certificate upload interface.

Successful exploitation of this vulnerability will allow the attacker to make the device unresponsive.
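
The kind of validation whose absence is described above, sketched as an added example (not the vendor's code and not part of the original advisory): a delete handler that confines a user-supplied certificate file name to a single directory. The function names, directory layout and file names are assumptions made for illustration.

```python
import os
import tempfile


def resolve_cert_path(cert_dir, user_name):
    """Map a user-supplied name to a real path strictly inside cert_dir."""
    base = os.path.realpath(cert_dir)
    # realpath collapses ".." and follows symlinks before the comparison;
    # joining with an absolute user_name discards base, which is caught below.
    candidate = os.path.realpath(os.path.join(base, user_name))
    # commonpath compares whole components, so "/certs-old" never matches "/certs".
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError("name escapes certificate directory: %r" % (user_name,))
    return candidate


def delete_cert(cert_dir, user_name):
    """Delete one certificate file; refuse anything outside cert_dir."""
    path = resolve_cert_path(cert_dir, user_name)
    if not os.path.isfile(path):
        raise ValueError("no such certificate: %r" % (user_name,))
    os.remove(path)
    return path


def demo():
    """Run constructed names through delete_cert in a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as root:
        cert_dir = os.path.join(root, "certs")
        os.mkdir(cert_dir)
        config = os.path.join(root, "startup.cfg")   # constructed file outside cert_dir
        cert = os.path.join(cert_dir, "device.pem")  # constructed certificate file
        for p in (config, cert):
            open(p, "w").close()
        os.symlink(config, os.path.join(cert_dir, "link.pem"))
        cases = {"plain": "device.pem", "dotdot": "../startup.cfg",
                 "nested": "sub/../../startup.cfg", "absolute": config,
                 "symlink": "link.pem"}
        results = {}
        for label, name in cases.items():
            try:
                delete_cert(cert_dir, name)
                results[label] = "deleted"
            except ValueError:
                results[label] = "rejected"
        results["config_survives"] = os.path.exists(config)
        results["cert_removed"] = not os.path.exists(cert)
        return results
```

The comparison is made on the resolved path rather than on the raw string, so filtering for a literal `../` is not what the check relies on.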


How to mitigate CVE-2016-1434

A patch for this vulnerability is available through the Cisco Bug Search Tool.
