Cisco IOS XE Software CVE-2016-6450 Local Directory Traversal Vulnerability
Cisco IOS XE Software is prone to a local directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks.
This issue is being tracked by Cisco Bug ID's CSCva60013 and CSCvb22622.
The following products are vulnerable if using the vulnerable version of IOS XE Software:
Cisco 5700 Series
Wireless LAN Controllers
Cisco Catalyst 3650 Series Switches
Cisco Catalyst 3850 Series Switches
Cisco Catalyst 4500E Series Switches
Cisco Catalyst 4500X Series Switches