SB2017032205 - Security restrictions bypass in Cisco IOx



Published: March 22, 2017

Security Bulletin ID: SB2017032205
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper input validation (CVE-ID: CVE-2017-3852)

The vulnerability allows a remote authenticated attacker to write or modify arbitrary files on the target device.

The weakness exists due to insufficient validation of user-supplied application packages. A remote attacker can send specially crafted requests to the Cisco application-hosting framework (CAF) component, trigger the input validation flaw, and write or modify arbitrary files on the virtual instance running on the target device.

Successful exploitation of the vulnerability results in modification of system information.

Remediation

Install the update from the vendor's website.