CVE-2017-6614

Name of the Vulnerable Software and Affected Versions Cisco FindIT Network Probe Software version 1.0.0

Description The issue is related to the file-download feature of the web user interface, where the absence of role-based access control (RBAC) for file-download requests allows an authenticated, remote attacker to download and view any system file. An attacker could exploit this by sending a crafted HTTP request. A successful exploit could allow the attacker to download and view any system file.

Recommendations For Cisco FindIT Network Probe Software version 1.0.0, consider restricting access to the file-download feature until a patch is available. As a temporary workaround, limit the role-based access to prevent unauthorized file downloads.