PT-2016-6884 · Cisco · Cisco Ios Xe+1

Published: 2016-09-21 · Updated: 2017-07-30 · CVE-2016-6410

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 15.6(1)T1 and later
Cisco IOS XE (affected versions not specified)

Description

The issue allows remote authenticated users to read arbitrary files due to insufficient input validation by the affected framework. An attacker could exploit this by submitting specific, crafted input to the affected framework, potentially allowing them to read arbitrary files on the targeted system.

Recommendations

For Cisco IOS version 15.6(1)T1, update to a version that includes the fix for this issue.
For Cisco IOS XE, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the IOx feature set until a patch is available.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2016-6410

Affected Products

Cisco IOS
Cisco IOS XE