CVE-2017-12285
Last modified
CVE-2017-12285 is a vulnerability of currently unknown severity. A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. EPSS estimates a 37.19% chance of exploitation in the next 30 days.
Description
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Network Analysis Module | 6.2\(1b\) |
References
- http://www.securityfocus.com/bid/101527Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039623Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/101527Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039623Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-12285?
How severe is CVE-2017-12285?
How do I fix CVE-2017-12285?
Are you affected by CVE-2017-12285?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST