Cisco ios xr scp/SFTP Module Denial-of-Service Vulnerability (CVE-2016-1366)
Cisco ios xr scp/SFTP Module Denial-of-Service Vulnerability (CVE-2016-1366)
Release date:
Updated on:
Affected Systems:
Cisco ios xr 5.0.0-5.2.5
Description:
CVE (CAN) ID: CVE-2016-1366
Cisco IOS is an interconnected network operating system used on most Cisco system routers and network switches.
On the Network Convergence System 6000 device, Cisco ios xr 5.0.0-5.2.5 has a vulnerability in SCP and SFTP Module System File Permission restrictions, which can cause remote attackers to suffer from Denial-of-Service (overwriting) attacks ).
<* Source: Cisco
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20160323-ncs) and patches for this:
Cisco-sa-20160323-ncs: Cisco Network Convergence System 6000 Series Routers SCP and SFTP Modules Denial of Service Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs
This article permanently updates the link address: