Lucene search
CiscoCVELIST:CVE-2017-3852HistoryMar 22, 2017 - 7:00 p.m.
CVE-2017-3852
2017-03-2219:00:00
CWE-20
cisco
www.cve.org
4
A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52317.
CNA Affected
[
{
"product": "Cisco Application-Hosting Framework",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Application-Hosting Framework"
}
]
}
]Related
cisco
cisco
Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability
2017-03-22 16:00:00
nvd
nvd
CVE-2017-3852
2017-03-22 19:59:00
cve
cve
CVE-2017-3852
2017-03-22 19:59:00
prion
prion
Input validation
2017-03-22 19:59:00
openvas
openvas
Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability
2017-03-23 00:00:00
threatpost
threatpost
Cisco Patches Critical IOx Vulnerability
2017-03-23 15:24:47