CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-1366

The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.8%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 6.8

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs
http://www.securitytracker.com/id/1035407
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs
http://www.securitytracker.com/id/1035407

Products affected by CVE-2016-1366

Cisco » Ios Xr » Version: 5.0.0

cpe:2.3:o:cisco:ios_xr:5.0.0
Cisco » Ios Xr » Version: 5.0.1

cpe:2.3:o:cisco:ios_xr:5.0.1
Cisco » Ios Xr » Version: 5.2.1

cpe:2.3:o:cisco:ios_xr:5.2.1
Cisco » Ios Xr » Version: 5.2.3

cpe:2.3:o:cisco:ios_xr:5.2.3
Cisco » Ios Xr » Version: 5.2.4

cpe:2.3:o:cisco:ios_xr:5.2.4
Cisco » Ios Xr » Version: 5.2.5

cpe:2.3:o:cisco:ios_xr:5.2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1366

Products

Pricing

Contact Us