Directory traversal in Cisco License Manager - CVE-2017-12263
Published: October 5, 2017
Vulnerability identifier: #VU8716
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12263
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco License Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the web interface of Cisco License Manager software due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. A remote attacker can use directory traversal techniques to submit a path to a desired file location and view application files which may contain sensitive information.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-12263
No release planned to fix this bug.