Directory Traversal Vulnerability in Cisco IOx Application Hosting Framework
CVE-2017-3851
Key Information:
- Vendor: Cisco
- CVE Published: 22 March 2017
Summary
A directory traversal vulnerability exists in the web framework code of the Cisco application-hosting framework (CAF). It allows an unauthenticated remote attacker to access and read any file within the CAF that runs inside the virtual instance on the affected Cisco device. The vulnerability stems from insufficient input validation and can be exploited by sending specially crafted requests to the CAF web interface. Although the attack is confined to the virtual instance, it poses significant risks to data integrity and confidentiality. The impacted versions are Cisco IOx Releases 1.0.0.0 and 1.1.0.0, tracked under Cisco Bug ID CSCuy52302.
Affected Version(s)
Cisco Application-Hosting Framework
EPSS Score
7% chance of being exploited in the next 30 days.