CVE-2017-12252

Name of the Vulnerable Software and Affected Versions Cisco FindIT Network Discovery Utility (affected versions not specified)

Description A vulnerability could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The issue is due to the application loading a malicious copy of a specific DLL file instead of the expected one. An attacker could exploit this by placing the affected DLL within the search path of the host system, allowing them to load a malicious DLL file into the system and partially compromise confidentiality, integrity, and availability on the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.