1. Home
  2. CVE Database
  3. CVE-2016-1366
MEDIUM · 6.5

CVE-2016-1366

The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial...

Vulnerability Description

The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
CiscoIos Xr5.0.0

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2016-1366?

CVE-2016-1366 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial...

How severe is CVE-2016-1366?

CVE-2016-1366 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1366?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr.