Lucene search
RgodZDI-17-918HistoryNov 20, 2017 - 12:00 a.m.
Cisco Prime Network Analysis Module graph sfile Parameter Directory Traversal Arbitrary File Deletion Vulnerability
2017-11-2000:00:00
rgod
www.zerodayinitiative.com
14
0.965 High
EPSS
Percentile
99.6%
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Network Analysis Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within graph.php. When parsing the sfile parameter, the script does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the web service.
Related
openvas
openvas
Cisco Network Analysis Module Directory Traversal Vulnerability
2017-11-17 00:00:00
checkpoint_advisories
checkpoint_advisories
cisco
cisco
cve
cve
CVE-2017-12285
2017-10-19 08:29:00
prion
prion
Directory traversal
2017-10-19 08:29:00
nvd
nvd
CVE-2017-12285
2017-10-19 08:29:00
cvelist
cvelist
CVE-2017-12285
2017-10-19 08:00:00