Main Vulnerability Database Vulnerabilities #VU630

Information disclosure in Cisco Systems, Inc products - CVE-2016-6410

Published: September 22, 2016 / Updated: April 5, 2018

Vulnerability identifier: #VU630

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-6410

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco IOS
Cisco IOS XR
Cisco IOS XE

Detailed vulnerability description

The vulnerability allows a remote authenticated user to obtain potentially sensitive information.
The weakness is caused by improper input validation. To exploit the vulnerability attackers can send specially crafted data that invokes input validation flaw and allows to view arbitrary files.
Successful exploitation of the vulnerability may result in information disclosure.

How to mitigate CVE-2016-6410

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf

Information disclosure in Cisco Systems, Inc products - CVE-2016-6410

Detailed vulnerability description

How to mitigate CVE-2016-6410

Sources

Please verify you're human