A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition.

The vulnerability is due to improper setting of permissions on the filesystem for certain paths that include system files.

An attacker could exploit this vulnerability by using either the SCP or SFTP client to overwrite system files on the affected device.

An exploit could allow the attacker to overwrite system files and cause a DoS condition.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs
A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition.

The vulnerability is due to improper setting of permissions on the filesystem for certain paths that include system files.

An attacker could exploit this vulnerability by using either the SCP or SFTP client to overwrite system files on the affected device.

An exploit could allow the attacker to overwrite system files and cause a DoS condition.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs

Security Impact Rating: Medium

CVE: CVE-2016-1366