Multiple vulnerabilities in Cisco IOS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2016-6414 CVE-2016-6409 CVE-2016-6410 CVE-2016-6412 |
| CWE-ID | CWE-78 CWE-399 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco IOS Operating systems & Components / Operating system Cisco IOS XR Operating systems & Components / Operating system Cisco IOS XE Operating systems & Components / Operating system |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) OS Command Injection
EUVDB-ID: #VU628
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-6414
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain elevated privileges and perform command injection on the target system.
The weakness is caused by improper input validation. Using of specially crafted iox command line parameters allows attackers to cause an input validation flaw and execute arbitrary commands on the IOx Linux guest operating system (GOS).
Successful exploitation of the vulnerability may lead to privilege escalation and command injection on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsCisco IOS: 12.0 - 15.2(4)ea
Cisco IOS XR: 5.1.0 - 6.0.1
Cisco IOS XE: 3.15S - 3.17S
CPE2.3- cpe:2.3:o:cisco_systems:cisco_ios:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:12.2.33:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:12.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:15.2(4)ea:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xr:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xe:3.15S:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Denial of service
EUVDB-ID: #VU629
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-6409
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause denial of service on the target system.
The weakness is caused by improper bounds validation. By sending specially crafted data attackers can cause a boundary error in the Cisco Data in Motion (DMo) component that leads to denial of service conditions on the target DMo process.
Successful exploitation of the vulnerability results in denial of service on the vulnerable service.
Install update from vendor's website.
Vulnerable software versionsCisco IOS: 12.0 - 15.2(4)ea
Cisco IOS XR: 5.1.0 - 6.0.1
Cisco IOS XE: 3.15S - 3.17S
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-dmo
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU630
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-6410
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to obtain potentially sensitive information.
The weakness is caused by improper input validation. To exploit the vulnerability attackers can send specially crafted data that invokes input validation flaw and allows to view arbitrary files.
Successful exploitation of the vulnerability may result in information disclosure.
Install update from vendor's website.
Vulnerable software versionsCisco IOS: 12.0 - 15.2(4)ea
Cisco IOS XR: 5.1.0 - 6.0.1
Cisco IOS XE: 3.15S - 3.17S
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information modification
EUVDB-ID: #VU647
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-6412
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerabiity allows a remote user to modify user's information on the target system.
The weakness exists due to input validation flaw in the Cisco Application-hosting Framework (CAF) component. By insertion specially crafted HTTP headers into the communications path between the user and the target IOS system attackers can download an arbitrary file.
Successful exploitation of the vulnerability may result in modification of target user's data.
Install update from vendor's website.
Vulnerable software versionsCisco IOS XE: 3.15S - 3.17S
Cisco IOS: 12.0 - 15.2(4)ea
Cisco IOS XR: 5.1.0 - 6.0.1
CPE2.3https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
