Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Cisco License Manager Directory Traversal Information Disclosure Vulnerability
Informations
Name cisco-sa-20171004-clm First vendor Publication 2017-10-04
Vendor Cisco Last vendor Modification 2017-10-04
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application which should be restricted.

The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files which may contain sensitive information.

Cisco has not released and will not release a software update to address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm"]

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJZ1QWLZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmvVg/6A3Fy+RVIE7MKU61Y 9Xh/zFO69WKmkwJNnuxcRyog+kDv0LggEc0m1j+KQU6vLQrtNAOL5H5mn9tr4Thf VHlwGSWaLmA5DxmsKUCrVT6lgnlXjYzOtCDuzDa4EqQEiiRUOFewNOGI7U2qykD0 WCgsBRnyOCjw9xDHCA8LDDpB2uunddrVYhBjYdy5VN421X+O4UYPlNRLcRzh3nO7 z4FbgXI8uiGg2F7QIQhR2keUKXjhj58XsIGIc/8V9mcsPQtjlh1SDA+w2Z6UOseg 2wo8adSGl67Pzop76VyrxqRhZHy6ggMoujch7Vp+e6pISFIerMbRReFkeDe4urD/ NLF+ST+7QF/0/itujuBVtVGSNUT9khRbKLD4802CcgqVhjS8jZvGfoaGf+teQVkR zvDEjR2DpzNcbFnaSxuC69AxZwJpin1xAZq2MOgMR0sbGCJsGSHWuU/igAB6g5sr BNLNI7u14CnysFvKWfHDq0loaKcr5Cmep217hLBb+psYKi4kzvIL3l6vl/dudLm4 64mnSuSKvsjq2d74F7vdut8pBSALJ9mZCXVCj9zQjM5a7NAKfUdxzU2ryMF1u7tC jTZhq5W9L+EeTtijp3H9ZXVs0smvXMBas9QdkF5p3o85BFD90HeH2oSuDazuJhZU L3uudn82Wln24A9wOcb1aLd0Es0= =eBtR END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Snort® IPS/IDS

Date Description
2017-10-05 Cisco License Manager ReportCSV directory traversal attempt
RuleID : 44500 - Revision : 1 - Type : SERVER-WEBAPP
2017-10-05 Cisco License Manager ReportCSV directory traversal attempt
RuleID : 44499 - Revision : 1 - Type : SERVER-WEBAPP
2017-10-05 Cisco License Manager ReportCSV directory traversal attempt
RuleID : 44498 - Revision : 1 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2017-11-01 17:22:39
  • Multiple Updates
2017-10-05 13:26:50
  • Multiple Updates
2017-10-04 21:22:29
  • First insertion