Executive Summary
Summary | |
---|---|
Title | Cisco License Manager Directory Traversal Information Disclosure Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20171004-clm | First vendor Publication | 2017-10-04 |
Vendor | Cisco | Last vendor Modification | 2017-10-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application which should be restricted. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files which may contain sensitive information. Cisco has not released and will not release a software update to address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZ1QWLZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmvVg/6A3Fy+RVIE7MKU61Y 9Xh/zFO69WKmkwJNnuxcRyog+kDv0LggEc0m1j+KQU6vLQrtNAOL5H5mn9tr4Thf VHlwGSWaLmA5DxmsKUCrVT6lgnlXjYzOtCDuzDa4EqQEiiRUOFewNOGI7U2qykD0 WCgsBRnyOCjw9xDHCA8LDDpB2uunddrVYhBjYdy5VN421X+O4UYPlNRLcRzh3nO7 z4FbgXI8uiGg2F7QIQhR2keUKXjhj58XsIGIc/8V9mcsPQtjlh1SDA+w2Z6UOseg 2wo8adSGl67Pzop76VyrxqRhZHy6ggMoujch7Vp+e6pISFIerMbRReFkeDe4urD/ NLF+ST+7QF/0/itujuBVtVGSNUT9khRbKLD4802CcgqVhjS8jZvGfoaGf+teQVkR zvDEjR2DpzNcbFnaSxuC69AxZwJpin1xAZq2MOgMR0sbGCJsGSHWuU/igAB6g5sr BNLNI7u14CnysFvKWfHDq0loaKcr5Cmep217hLBb+psYKi4kzvIL3l6vl/dudLm4 64mnSuSKvsjq2d74F7vdut8pBSALJ9mZCXVCj9zQjM5a7NAKfUdxzU2ryMF1u7tC jTZhq5W9L+EeTtijp3H9ZXVs0smvXMBas9QdkF5p3o85BFD90HeH2oSuDazuJhZU L3uudn82Wln24A9wOcb1aLd0Es0= =eBtR END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-10-05 | Cisco License Manager ReportCSV directory traversal attempt RuleID : 44500 - Revision : 1 - Type : SERVER-WEBAPP |
2017-10-05 | Cisco License Manager ReportCSV directory traversal attempt RuleID : 44499 - Revision : 1 - Type : SERVER-WEBAPP |
2017-10-05 | Cisco License Manager ReportCSV directory traversal attempt RuleID : 44498 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Informations |
---|---|
2017-11-01 17:22:39 |
|
2017-10-05 13:26:50 |
|
2017-10-04 21:22:29 |
|