CVE-2016-6412

Published: Sep 24, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.

Affected (1)

Products: Cisco: Ios

Cisco

1 product

Ios

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios	Version 15.6(1)t1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/93088

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036874

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/93088

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036874

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.