Lucene search
CiscoCVELIST:CVE-2017-12285HistoryOct 19, 2017 - 8:00 a.m.
CVE-2017-12285
2017-10-1908:00:00
CWE-20
cisco
www.cve.org
3
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.
CNA Affected
[
{
"product": "Cisco Network Analysis Module",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Network Analysis Module"
}
]
}
]Related
cve
cve
CVE-2017-12285
2017-10-19 08:29:00
cisco
cisco
checkpoint_advisories
checkpoint_advisories
openvas
openvas
Cisco Network Analysis Module Directory Traversal Vulnerability
2017-11-17 00:00:00
prion
prion
Directory traversal
2017-10-19 08:29:00
nvd
nvd
CVE-2017-12285
2017-10-19 08:29:00
