File Download Vulnerability in Cisco FindIT Network Probe Software
CVE-2017-6614
6.5 MEDIUM
Summary
A flaw in the file-download feature of Cisco FindIT Network Probe Software 1.0.0 allows an authenticated, remote attacker to download any system file. The cause is the absence of role-based access control (RBAC) on file-download requests: by sending a specially crafted HTTP request, the attacker can retrieve files that the account should not be able to read, potentially exposing sensitive data stored on the system.
Affected Version(s)
Cisco FindIT
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved