PT-2017-17185 · Cisco · Cisco Findit Network Probe

Published

2017-04-20

Updated

2019-10-09

CVE-2017-6614

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco FindIT Network Probe Software version 1.0.0

Description The issue is related to the file-download feature of the web user interface, where the absence of role-based access control (RBAC) for file-download requests allows an authenticated, remote attacker to download and view any system file. An attacker could exploit this by sending a crafted HTTP request. A successful exploit could allow the attacker to download and view any system file.

Recommendations For Cisco FindIT Network Probe Software version 1.0.0, consider restricting access to the file-download feature until a patch is available. As a temporary workaround, limit the role-based access to prevent unauthorized file downloads.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-6614

Affected Products

Cisco Findit Network Probe

PT-2017-17185 · Cisco · Cisco Findit Network Probe

CVE-2017-6614

Weakness Enumeration

Related Identifiers

Affected Products

References · 4