CVE-2017-3851 : A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component

A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302.

Published 2017-03-22 19:59:00

Updated 2017-07-12 01:29:16

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2017-3851

Probability of exploitation activity in the next 30 days: 0.28%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-3851

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-3851

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)

References for CVE-2017-3851

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1

Cisco Application-Hosting Framework Directory Traversal Vulnerability
Vendor Advisory
http://www.securityfocus.com/bid/97013

Cisco Application-Hosting Framework CVE-2017-3851 Directory Traversal Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038106

Cisco IOx for Cisco ASR 1000 Series Routers Input Validation Flaw Lets Remote Users Obtain Files on the Target System - SecurityTracker
http://www.securitytracker.com/id/1038107

Cisco IOX for 800 Series Industrial Integrated Services Routers Input Validation Flaw Lets Remote Users Obtain Files on the Target System - SecurityTracker

Products affected by CVE-2017-3851

Cisco » IOX » Version: 1.1.0
cpe:2.3:a:cisco:iox:1.1.0:*:*:*:*:*:*:*
Matching versions
Cisco » IOX » Version: 1.1(0)
cpe:2.3:a:cisco:iox:1.1\(0\):*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-3851

Exploit prediction scoring system (EPSS) score for CVE-2017-3851

CVSS scores for CVE-2017-3851

CWE ids for CVE-2017-3851

References for CVE-2017-3851

Products affected by CVE-2017-3851