CVE-2017-12285
published 2017-10-19

Priority: P3 (49)
CVSS 3.0: 5.3 medium, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 37.19% (98.3rd percentile)
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.
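The description names two missing controls: the handler does not validate the file name it is given, and the URL that reaches it is not subject to role-based access control. The Python below is an added illustration of that bug class on a hypothetical file-delete handler; it is not Cisco's code, the page does not name the real NAM endpoint, and the directory and file names are constructed for the demo. The vulnerable version joins the request straight onto a base directory; the hardened version first requires a role and then resolves the path (symlinks and '..' included) before checking that it still lies under the base directory.

```python
"""Illustration of the two missing controls behind CVE-2017-12285's bug class:
a file-delete handler that (a) does not confine the requested name to its base
directory and (b) performs no role check. Hypothetical code, not Cisco NAM's."""
import os
import shutil
import tempfile
from pathlib import Path


class Forbidden(Exception):
    """Raised by the hardened handler when a request fails RBAC or confinement."""


def delete_file_vulnerable(base_dir: str, requested: str) -> str:
    """'Before': trusts the request. '../' walks out of base_dir, and an absolute
    'requested' makes os.path.join discard base_dir entirely. No caller check."""
    target = os.path.join(base_dir, requested)
    os.remove(target)
    return os.path.normpath(target)


def delete_file_hardened(base_dir: str, requested: str, roles: set) -> str:
    """'After': authorise the operation, then resolve the path (symlinks and
    '..' included) and refuse anything whose real location is outside base_dir."""
    if "admin" not in roles:
        raise Forbidden("file deletion requires the admin role")
    base = Path(base_dir).resolve()
    candidate = (base / requested).resolve()
    if base not in candidate.parents:
        raise Forbidden(f"{requested!r} resolves outside {base}")
    candidate.unlink()
    return str(candidate)


def demo() -> dict:
    """Runs both handlers against a traversal payload in a throwaway tree and
    reports what each one did. Uses a stand-in file, never a real system path."""
    root = Path(tempfile.mkdtemp())
    uploads = root / "uploads"
    uploads.mkdir()
    report = uploads / "report.txt"
    report.write_text("ok")
    outside = root / "outside.cfg"          # the file an attacker would aim at
    outside.write_text("do not delete")
    payload = "../outside.cfg"              # constructed traversal payload
    results = {}

    delete_file_vulnerable(str(uploads), payload)
    results["vulnerable_deleted_outside_base"] = not outside.exists()
    outside.write_text("do not delete")     # restore for the next run

    try:
        delete_file_hardened(str(uploads), payload, roles={"admin"})
        results["hardened_blocked_traversal"] = False
    except Forbidden:
        results["hardened_blocked_traversal"] = outside.exists()

    try:
        delete_file_hardened(str(uploads), "report.txt", roles=set())
        results["hardened_blocked_unauthenticated"] = False
    except Forbidden:
        results["hardened_blocked_unauthenticated"] = report.exists()

    expected = str(report.resolve())
    removed = delete_file_hardened(str(uploads), "report.txt", roles={"admin"})
    results["hardened_allowed_legitimate"] = removed == expected and not report.exists()

    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The order of the two checks in the hardened handler matters: authorisation is decided before any filesystem work, so an unauthenticated client never reaches the path logic at all, which is exactly the gap the advisory describes.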

Affected (2 ranges)

Vendor   Product                                       Version range   Fixed in
cisco    network_analysis_module_parameter_directory   (not listed)    (not listed)
cisco    prime_network_analysis_module                 (not listed)    (not listed)

Detection & IOCs (extracted from sources)

  • Alert on HTTP requests to the Cisco NAM web interface whose URL path or query parameters contain directory traversal sequences ('../', including percent-encoded forms), and weight them higher when the request carries no session or credentials: the software applies no role-based access control (RBAC) to the requested URLs, so an unauthenticated client can reach the affected handler.
  • A traversal request that returns success against this software should be treated as an arbitrary file deletion on the appliance, since that is the impact of a successful exploit.
  • No workarounds are available for this vulnerability; upgrading to fixed software is the only remediation path.
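The detection notes above in runnable form, as an added Python example that is not part of the page or of any Cisco material: it parses access-log lines, percent-decodes URL components until stable so double-encoded payloads are caught, flags only whole '..' path segments (a substring match would also flag benign names like 'report..2017.csv'), and records whether the client was authenticated. The log lines, client addresses, user names and /nam/... paths are constructed; the page does not name the real endpoint.

```python
"""Log-side detection for the traversal pattern described above: flag requests whose
path or query values contain a '..' segment after percent-decoding (including
double encoding), and record whether the client was authenticated."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample in Apache combined-log style. Client addresses, the /nam/... paths
# and the user names are hypothetical; the page does not name the real endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Oct/2017:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [19/Oct/2017:10:01:07 +0000] "GET /nam/download?file=../../../../etc/passwd HTTP/1.1" 200 88
10.0.0.9 - - [19/Oct/2017:10:01:09 +0000] "GET /nam/delete?name=%2e%2e%2f%2e%2e%2fconfig.xml HTTP/1.1" 200 12
10.0.0.9 - - [19/Oct/2017:10:01:11 +0000] "GET /nam/delete?name=%252e%252e%252fboot.cfg HTTP/1.1" 200 12
10.0.0.7 - admin [19/Oct/2017:10:02:00 +0000] "GET /nam/files/report..2017.csv HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e (double-encoded '..') is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """True when a whole path segment is '..'. Backslashes are treated as separators
    too; exact segment comparison avoids flagging names such as 'report..2017.csv'."""
    normalized = fully_decode(value).replace("\\", "/")
    return any(segment == ".." for segment in normalized.split("/"))


def inspect_request(url: str) -> list:
    """Names the request components carrying traversal: 'path' and/or 'query:<param>'."""
    parts = urlsplit(url)
    hits = []
    if has_traversal(parts.path):
        hits.append("path")
    # parse_qsl decodes one layer; fully_decode inside has_traversal handles the rest.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if has_traversal(value):
            hits.append(f"query:{name}")
    return hits


def detect(log_text: str) -> list:
    """Returns one alert dict per suspicious request. 'unauthenticated' is the
    combined-log user field being '-', which matters here because the affected
    software applied no RBAC to the URLs it served."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = inspect_request(m["url"])
        if hits:
            alerts.append({
                "client": m["client"],
                "user": m["user"],
                "unauthenticated": m["user"] == "-",
                "method": m["method"],
                "url": m["url"],
                "status": int(m["status"]),
                "hits": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        tag = "UNAUTH" if alert["unauthenticated"] else alert["user"]
        print(f'{alert["client"]} [{tag}] {alert["method"]} {alert["url"]} -> {alert["hits"]}')
```

Against the sample, the three requests from 10.0.0.9 are flagged and all are unauthenticated; the admin's download of 'report..2017.csv' is not, because '..' there is part of a file name rather than a path segment. The status code is kept in the alert so a 200 on a traversal request can be ranked above a 404.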

CVSS provenance

Source         Version   Score   Severity   Vector
nvd            v3.0      5.3     MEDIUM     CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd            v2.0      6.4     MEDIUM     AV:N/AC:L/Au:N/C:N/I:P/A:P
vendor_cisco             6.5     MEDIUM     (vector not listed)

The sources disagree on impact: NVD's v3.0 vector records an integrity impact only (I:L, A:N), its v2.0 vector also records an availability impact (A:P), and Cisco's own score of 6.5 is higher than NVD's v3.0 rating. For a bug whose effect is deleting arbitrary files on the appliance, the higher figures are the safer basis for prioritisation.