Main Vulnerability Database Vulnerabilities #VU371

Input validation error - CVE-2016-6362

Published: September 8, 2016 / Updated: September 8, 2016

Vulnerability identifier: #VU371

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-6362

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code and gain root privileges on the target system.

The vulnerability exists due to incorrect handling of line-interface (CLI) parameters. A local user can execute arbitrary commands with elevated privileges.

Successful exploitation of this vulnerability will allow the local attacker to cause arbitrry code execution and obtain root privileges on vulnerable system.

How to mitigate CVE-2016-6362

Update to version 8.2.110.0, 8.2.121.0 and 8.3.102.0.

Sources

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1

Input validation error - CVE-2016-6362

Detailed vulnerability description

How to mitigate CVE-2016-6362

Sources

Please verify you're human