CVE-2016-6450

low-risk
Published 2016-11-19

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.5/10 Low
LOCAL / HIGH complexity

Affected Products (10)

Affected Vendors

Cisco

References (6)

http://www.securityfocus.com/bid/94340
http://www.securitytracker.com/id/1037299
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
http://www.securityfocus.com/bid/94340
http://www.securitytracker.com/id/1037299
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
22
/ 100
low-risk
Severity 6/34 · Minimal
Exploitability 0/34 · Minimal
Exposure 16/34 · Moderate