Vulnerability Description
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Network Analysis Module | 6.2\(1b\) |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101527Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039623Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/101527Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039623Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-12285?
CVE-2017-12285 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversa...
How severe is CVE-2017-12285?
CVE-2017-12285 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12285?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Network Analysis Module.