← volver
CVE-2017-12285

CVE-2017-12285

EPSS 37.2%CWE-20
Vexday Risk Score
15Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 37.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 oct 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.
Productos afectados
n/a · Cisco Network Analysis Module

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-namhttp://www.securityfocus.com/bid/101527http://www.securitytracker.com/id/1039623