A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.

The vulnerability is due to insufficient input validation by the affected framework.

An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework on a targeted system.

A successful exploit could allow the attacker to read arbitrary files on the targeted system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.

The vulnerability is due to insufficient input validation by the affected framework.

An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework on a targeted system.

A successful exploit could allow the attacker to read arbitrary files on the targeted system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf

Security Impact Rating: Medium

CVE: CVE-2016-9199

Leave a Reply