Relative path traversal in Cisco Ultra Services Framework - CVE-2017-6681
Published: June 8, 2017
Vulnerability identifier: #VU6979
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6681
CWE-ID: CWE-23
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Ultra Services Framework
Cisco Ultra Services Framework
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The weakness exists in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework due to relative path traversal. A remote attacker can send a specially crafted URL request, perform relative path traversal attack and gain access to sensitive files on the system.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework due to relative path traversal. A remote attacker can send a specially crafted URL request, perform relative path traversal attack and gain access to sensitive files on the system.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-6681
Install update from vendor's website.