Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.106391
Kategorie:CISCO
Titel:Cisco IOS XE Software Directory Traversal Vulnerability
Zusammenfassung:A vulnerability in the package unbundle utility of Cisco IOS XE Software;could allow an authenticated, local attacker to gain write access to some files in the underlying operating;system.
Beschreibung:Summary:
A vulnerability in the package unbundle utility of Cisco IOS XE Software
could allow an authenticated, local attacker to gain write access to some files in the underlying operating
system.

Vulnerability Insight:
The vulnerability is due to insufficient validation of files submitted to
the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to
an affected system and running the installation utility command.

Vulnerability Impact:
A successful exploit could allow the attacker to gain write access to some
files in the underlying operating system, which could allow the attacker to override the write-accessible files
and compromise the integrity of the system.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-6450
BugTraq ID: 94340
http://www.securityfocus.com/bid/94340
http://www.securitytracker.com/id/1037299
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.