CVE-2016-6410

Published: Sep 24, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.

Affected (1)

Products: Cisco: Ios

Cisco

1 product

Ios

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios	Version 15.5(2)t

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/93090

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036873

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/93090

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036873

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.