CVE-2017-12285

Cisco Prime Network Analysis Module graph sfile Parameter Directory Traversal Arbitrary File Deletion Vulnerability

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.

Una vulnerabilidad en la interfaz web del software Cisco Network Analysis Module podría permitir que un atacante remoto no autenticado elimine archivos arbitrarios de un sistema afectado. Esto también se conoce como salto de directorio. Esta vulnerabilidad existe porque el software afectado no realiza una correcta validación de entradas de las peticiones HTTP que recibe y el software no aplica controles de acceso basados en roles (RBAC) a URL HTTP solicitadas. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP manipulada al software afectado. Un exploit con éxito podría permitir que el atacante elimine archivos arbitrarios del sistema afectado. Cisco Bug IDs: CSCvf41365.

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Network Analysis Module. Authentication is not required to exploit this vulnerability.
The specific flaw exists within graph.php. When parsing the sfile parameter, the script does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the web service.

*Credits: rgod

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-03 CVE Reserved
2017-10-19 CVE Published
2024-07-01 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/101527	Third Party Advisory
http://www.securitytracker.com/id/1039623	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Prime Network Analysis Module Search vendor "Cisco" for product "Prime Network Analysis Module"				6.2\(1b\) Search vendor "Cisco" for product "Prime Network Analysis Module" and version "6.2\(1b\)"		-		Affected