CVE-2017-12285
published 2017-10-19CVE-2017-12285: A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from…
PriorityP349medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
EPSS
37.19%
98.3th percentile
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | network_analysis_module_parameter_directory | — | — |
| cisco | prime_network_analysis_module | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated crafted HTTP requests targeting the Cisco Network Analysis Module web interface that exploit improper input validation and missing RBAC controls to perform directory traversal and arbitrary file deletion. ↗
- →Monitor for HTTP requests to the Cisco NAM web interface that contain directory traversal sequences (e.g., '../') in URL parameters, particularly from unauthenticated sources, as the software does not apply role-based access controls (RBACs) to requested HTTP URLs. ↗
- ·No workarounds are available for this vulnerability; patching is the only remediation path. ↗
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
vendor_cisco6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c4c7-hxxv-g98g: A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary fil
ghsa_unreviewed·2022-05-13
CVE-2017-12285 [MEDIUM] CWE-20 GHSA-c4c7-hxxv-g98g: A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary fil
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.
Cisco
Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability
vendor_cisco·2017-10-18·CVSS 6.5
CVE-2017-12285 [MEDIUM] CWE-20 Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability
Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system.
The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.
There are no workarounds that address this vulnerability.
This advisory is available at the foll
Cisco
Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-12285 Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability
CVE-2017-12285: Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. There are no
CVSS: 3.0
CWE: CWE-20, CWE-20
Bug IDs: CSCvf41365
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/101527http://www.securitytracker.com/id/1039623https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-namhttp://www.securityfocus.com/bid/101527http://www.securitytracker.com/id/1039623https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
2017-10-19
Published