File Disclosure Vulnerability in Cisco IOx Hosted Applications
CVE-2016-9199

6.5MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Iox
Vendor
CVE Published:
14 December 2016

Summary

A vulnerability in the Cisco application-hosting framework (CAF) within Cisco IOx could permit an authenticated, remote attacker to access arbitrary files on a targeted system. This issue affects specific releases of the IOx subsystem of Cisco IOS and IOS XE Software, potentially compromising data integrity and confidentiality. For detailed information and mitigation strategies, refer to the applicable security advisories.

Affected Version(s)

Cisco IOx Cisco IOx

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94788
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037427
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.