A vulnerability in the Cisco application-hosting framework (CAF) for Cisco IOS and IOS XE Software with the IOx feature set could allow an authenticated, remote malicious user to read arbitrary files on a targeted system. The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework. A successful exploit could allow the malicious user to read arbitrary files on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ios 15.5\\(2\\)t |