ID de Prueba:	1.3.6.1.4.1.25623.1.0.106391
Categoría:	CISCO
Título:	Cisco IOS XE Software Directory Traversal Vulnerability
Resumen:	A vulnerability in the package unbundle utility of Cisco IOS XE Software;could allow an authenticated, local attacker to gain write access to some files in the underlying operating;system.
Descripción:	Summary: A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. Vulnerability Insight: The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to an affected system and running the installation utility command. Vulnerability Impact: A successful exploit could allow the attacker to gain write access to some files in the underlying operating system, which could allow the attacker to override the write-accessible files and compromise the integrity of the system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6450 BugTraq ID: 94340 http://www.securityfocus.com/bid/94340 http://www.securitytracker.com/id/1037299
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.