1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: CVE-2016-6435 Local File Inclusion Vulnerability

Attack: CVE-2016-6435 Local File Inclusion Vulnerability

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

An attacker can exploit this issue to execute arbitrary commands on the affected system. This may aid in further attacks.

Additional Information

Multiple Cisco products are prone to a remote command-execution vulnerability. Specifically, this issue occurs because it fails to properly protect calling of shell commands in the CGI script. An attacker can exploit this issue by sending a specially crafted HTTP request to execute arbitrary commands.

An attacker can exploit this issue to execute arbitrary command on the affected system. This may aid in further attacks.

This issue being tracked by Cisco Bug IDs CSCur90888 and CSCux10615

Affected

  • Various Platforms
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube