Vulnerability in Cisco Ios_xr
CVE-2016-1366
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified…
EPSS: 0.002 (36.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Cisco Ios_xr — versions 5.0.0, 5.0.1, 5.2.1
- N/a — versions n/a
Weakness classification (CWE)
References
- 20160323 Cisco Network Convergence System 6000 Series Routers SCP and SFTP Modules Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 1035407 (vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2016-1366?
- CVE-2016-1366 is a medium-severity vulnerability in Cisco Ios_xr, classified under CWE-264. CVSS score: 6.5/10. Published 2016-03-24.
- How severe is CVE-2016-1366?
- Medium severity. CVSS v3 base score is 6.5 out of 10.