CVE-2016-6410
MEDIUMCisco IOS - Authenticated Arbitrary File Read via CAF Component
Title source: llmDescription
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93090
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036873
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf
Scores
CVSS v3
6.5
EPSS
0.0140
EPSS Percentile
69.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (1)
cisco/ios
15.5\(2\)t
Published
Sep 24, 2016
Tracked Since
Feb 18, 2026