vulnerability

Cisco IOS-XR: CVE-2016-1366: Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:C/A:N)	Mar 23, 2016	May 19, 2021	Mar 3, 2023

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:C/A:N)

Published

Mar 23, 2016

Added

May 19, 2021

Modified

Mar 3, 2023

Description

The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.

Solution

update-xros

References

CVE-2016-1366
https://attackerkb.com/topics/CVE-2016-1366
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today