Description
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94340
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037299
Scores
CVSS v3
2.5
EPSS
0.0030
EPSS Percentile
21.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (11)
cisco/ios_xe
3.6.2ae
cisco/ios_xe
3.6.3e
cisco/ios_xe
3.6.4e
cisco/ios_xe
3.8.1e
cisco/ios_xe
16.1.1
cisco/ios_xe
16.1.2
cisco/ios_xe
16.1.3
cisco/ios_xe
16.2.1
cisco/ios_xe
16.2.2
cisco/ios_xe
16.3.1
... and 1 more
Published
Nov 19, 2016
Tracked Since
Feb 18, 2026