CVE-2016-6450 — Vulnetix

CVE-2016-6450 PUBLISHED CVSS 2.5 LOW

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).

EPSS 0.06% · 19.9th percentile

Risk Scores

CVSS 3.0

2.5

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.06%

19.9th percentile

Affected Products

Vendor	Product	Versions
cisco	ios_xe	3.6.3e, 3.6.4e, 3.8.1e
n/a	Cisco IOS XE 3.7(0) through Denali-16.3.1	Cisco IOS XE 3.7(0) through Denali-16.3.1

Exploit Intelligence

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe (circl)
94340 (circl)
1037299 (circl)

Timeline

Nov 15, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

Open in Interactive Console →