Main Vulnerability Database Vulnerabilities #VU13

#VU13 Filesystem enforce permissions vulnerability - CVE-2016-1435

Published: June 21, 2016 / Updated: June 24, 2016

Vulnerability identifier: #VU13

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-1435

CWE-ID: CWE-918

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:

Software vendor:

Description

The vulnerability allows a local user to obtain elevated privileges.

The vulnerability exists due to software error when enforcing permissions for mounted filesystem. A local user can read or modify arbitrary files on the vulnerable device.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges.

Remediation

Patch for this vulnerability is available through Cisco Bug Search Tool.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp

#VU13 Filesystem enforce permissions vulnerability - CVE-2016-1435

Description

Remediation

External links

Please verify you're human