
    Vulnerability Summary for CVE-2016-1366

    Original release date: 03/24/2016

    Last revised: 03/25/2016

    Source: US-CERT/NIST

     

    Overview

    The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.

     

    Impact

    CVSS Severity (version 3.0):

    CVSS v3 Base Score: 6.5 Medium

    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

    Impact Score: 3.6

    Exploitability Score: 2.8

     

    CVSS Version 3 Metrics:

    Attack Vector (AV): Network

    Attack Complexity (AC): Low

    Privileges Required (PR): Low

    User Interaction (UI): None

    Scope (S): Unchanged

    Confidentiality (C): None

    Integrity (I): High

    Availability (A): None

     

    CVSS Severity (version 2.0):

    CVSS v2 Base Score: 6.8 MEDIUM

    Vector: (AV:N/AC:L/Au:S/C:N/I:C/A:N)

    Impact Subscore: 6.9

    Exploitability Subscore: 8.0

     

    CVSS Version 2 Metrics:

    Access Vector: Network exploitable

    Access Complexity: Low

    Authentication: Required to exploit

    Impact Type: Allows unauthorized modification

     

    References to Advisories, Solutions, and Tools

    By selecting these links, you will be leaving Trojan Horse Security's webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. Trojan Horse Security does not necessarily endorse the views expressed, or concur with the facts presented on these sites or their accuracy. Trojan Horse Security will not be held responsible or liable for any reason. Further, Trojan Horse Security does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to ContactUs@TrojanHorseSecurity.com

     

    External Source: CISCO

    Name: 20160323 Cisco Network Convergence System 6000 Series Routers SCP and SFTP Modules Denial of Service Vulnerability

    Type: Advisory

    Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs

     

    Vulnerable software and versions

    Configuration 1

    OR

    * cpe:/o:cisco:ios_xr:5.2.4
    * cpe:/o:cisco:ios_xr:5.2.5
    * cpe:/o:cisco:ios_xr:5.2.3
    * cpe:/o:cisco:ios_xr:5.2.1
    * cpe:/o:cisco:ios_xr:5.0.1
    * cpe:/o:cisco:ios_xr:5.0.0

    * Denotes Vulnerable Software

     

    Technical Details

    Vulnerability Type

    • Permissions, Privileges, and Access Control (CWE-264)

    CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1366

     

    Change History: 1 change record found
