SB2017100516 - Information disclosure in Cisco License Manager




Published: October 5, 2017

Security Bulletin ID: SB2017100516
Severity: Low
Patch available: No
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Directory traversal (CVE-ID: CVE-2017-12263)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web interface of Cisco License Manager software due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. A remote attacker can use directory traversal techniques to submit a path to a desired file location and view application files which may contain sensitive information.

Successful exploitation of the vulnerability results in information disclosure.
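
The weakness class described above, shown as an added example that is not Cisco License Manager code or part of the original bulletin: a filename taken from a request parameter is joined to a base directory unchecked, next to a resolver that canonicalizes the path and confirms it stays inside that directory. The function names, the "licenses" directory and the sample parameter values are assumptions constructed for illustration.

```python
import os
import tempfile

def naive_resolve(base_dir, filename):
    """Weak pattern: the request parameter is joined to the base directory unchecked."""
    return os.path.normpath(os.path.join(base_dir, filename))

def safe_resolve(base_dir, filename):
    """Return the canonical path for filename, or raise ValueError if it escapes base_dir."""
    if not filename or "\x00" in filename:
        raise ValueError("empty filename or NUL byte in filename parameter")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the containment check is
    # made on the path the operating system would actually open.
    target = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("filename parameter resolves outside the base directory")
    return target

def demo():
    """Run constructed parameter values through both resolvers."""
    samples = ["report.txt", "sub/../report.txt", "../app.conf", "/etc/hostname"]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "licenses")  # hypothetical directory served by the app
        os.makedirs(base)
        real_base = os.path.realpath(base)
        for value in samples:
            naive = naive_resolve(real_base, value)
            naive_inside = os.path.commonpath([real_base, naive]) == real_base
            try:
                safe_resolve(base, value)
                accepted = True
            except ValueError:
                accepted = False
            # (does the unchecked join stay inside base?, does safe_resolve accept it?)
            results[value] = (naive_inside, accepted)
    return results

if __name__ == "__main__":
    for value, (naive_inside, accepted) in demo().items():
        print(f"{value!r}: naive join stays inside base={naive_inside}, safe_resolve accepts={accepted}")
```

The check runs on the value after the web framework has decoded the parameter, so encoded variants are covered without pattern matching on the raw request.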



Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.