#VU630 Information disclosure in Cisco Systems, Inc products - CVE-2016-6410

Vulnerability identifier: #VU630

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-6410

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS
Cisco IOS XR
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

The vulnerability allows a remote authenticated user to obtain potentially sensitive information.
The weakness is caused by improper input validation. To exploit the vulnerability attackers can send specially crafted data that invokes input validation flaw and allows to view arbitrary files.
Successful exploitation of the vulnerability may result in information disclosure.

Install update from vendor's website.

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf