CVE-2017-3851

Name of the Vulnerable Software and Affected Versions Cisco IOx versions 1.0.0.0 through 1.1.0.0

Description A Directory Traversal issue in the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the affected virtual instance. The issue is due to insufficient input validation, and an attacker could exploit it by submitting crafted requests to the web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the hosting router.

Recommendations For Cisco IOx versions 1.0.0.0 through 1.1.0.0, consider restricting access to the CAF web interface until a patch is available. As a temporary workaround, limit the submission of crafted requests to the CAF web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.