CVE-2016-1366

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 5.0.0 through 5.2.5

Description The issue is related to weak permissions for system files in the SCP and SFTP modules, allowing remote authenticated users to cause a denial of service by overwriting system files. This is due to improper setting of permissions on the filesystem for certain paths that include system files. An attacker could exploit this by using either the SCP or SFTP client to overwrite system files on the affected device, resulting in a denial of service condition.

Recommendations For Cisco IOS XR versions 5.0.0 through 5.2.5, consider restricting access to the SCP and SFTP modules to minimize the risk of exploitation, as there are no available software updates or workarounds that address this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.