Information disclosure - CVE-2016-6420
Published: September 29, 2016
Vulnerability identifier: #VU684
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6420
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote user to obtain potentially sensitive information on the target system.
The weakness exists due to authorization check flaw. By sending specially crafted data attackers can disclose data they weren't allowed to access.
Successful exploitation of the vulnerability results in access to potentially sensitive files on the vulnerable system.
The weakness exists due to authorization check flaw. By sending specially crafted data attackers can disclose data they weren't allowed to access.
Successful exploitation of the vulnerability results in access to potentially sensitive files on the vulnerable system.
How to mitigate CVE-2016-6420
Advisory is available at:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1