cnvd - cnvd-2017-03876

CNVD-2017-03876

Vulnerability from cnvd - Published: 2017-04-05

Title

Cisco Iox CAF组件中Web框架目录遍历漏洞

Description

Cisco IOx是美国思科（Cisco）公司的一套为思科物联网网络基础设施提供统一托管功能的应用程序。思科IOx版本1.0.0.0和1.1.0.0易受攻击的CAF组件中的Web框架代码存在目录遍历漏洞，远程攻击者可利用该漏洞提交特殊的目录遍历请求读取任意文件。

Severity

中

Patch Name

Cisco Iox CAF组件中Web框架目录遍历漏洞的补丁

Patch Description

Cisco IOx是美国思科（Cisco）公司的一套为思科物联网网络基础设施提供统一托管功能的应用程序。思科IOx版本1.0.0.0和1.1.0.0易受攻击的CAF组件中的Web框架代码存在目录遍历漏洞，远程攻击者可利用该漏洞提交特殊的目录遍历请求读取任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1

Impacted products

Name
['Cisco IOx Software 1.1.0.0', 'Cisco IOx Software 1.0.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3851",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3851"
    }
  },
  "description": "Cisco IOx\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u601d\u79d1\u7269\u8054\u7f51\u7f51\u7edc\u57fa\u7840\u8bbe\u65bd\u63d0\u4f9b\u7edf\u4e00\u6258\u7ba1\u529f\u80fd\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u601d\u79d1IOx\u7248\u672c1.0.0.0\u548c1.1.0.0\u6613\u53d7\u653b\u51fb\u7684CAF\u7ec4\u4ef6\u4e2d\u7684Web\u6846\u67b6\u4ee3\u7801\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u76ee\u5f55\u904d\u5386\u8bf7\u6c42\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03876",
  "openTime": "2017-04-05",
  "patchDescription": "Cisco IOx\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u601d\u79d1\u7269\u8054\u7f51\u7f51\u7edc\u57fa\u7840\u8bbe\u65bd\u63d0\u4f9b\u7edf\u4e00\u6258\u7ba1\u529f\u80fd\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u601d\u79d1IOx\u7248\u672c1.0.0.0\u548c1.1.0.0\u6613\u53d7\u653b\u51fb\u7684CAF\u7ec4\u4ef6\u4e2d\u7684Web\u6846\u67b6\u4ee3\u7801\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u76ee\u5f55\u904d\u5386\u8bf7\u6c42\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Iox CAF\u7ec4\u4ef6\u4e2dWeb\u6846\u67b6\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOx Software 1.1.0.0",
      "Cisco IOx Software  1.0.0.0"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-23",
  "title": "Cisco Iox CAF\u7ec4\u4ef6\u4e2dWeb\u6846\u67b6\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

CVE-2017-3851 (GCVE-0-2017-3851)

Vulnerability from cvelistv5 – Published: 2017-03-22 19:00 – Updated: 2024-08-05 14:39

Summary

A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302.

Severity ?

No CVSS data available.

CWE

CWE-22 - Directory Traversal Vulnerability

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/97013	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1038107	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1038106	vdb-entryx_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Application-Hosting Framework	Affected: Cisco Application-Hosting Framework

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97013",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97013"
          },
          {
            "name": "1038107",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038107"
          },
          {
            "name": "1038106",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038106"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Application-Hosting Framework",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Application-Hosting Framework"
            }
          ]
        }
      ],
      "datePublic": "2017-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Directory Traversal Vulnerability",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-11T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "97013",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97013"
        },
        {
          "name": "1038107",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038107"
        },
        {
          "name": "1038106",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038106"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3851",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Application-Hosting Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Application-Hosting Framework"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Directory Traversal Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97013",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97013"
            },
            {
              "name": "1038107",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038107"
            },
            {
              "name": "1038106",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038106"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3851",
    "datePublished": "2017-03-22T19:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-03876

CVE-2017-3851 (GCVE-0-2017-3851)

Tags

Sightings

Nomenclature