What is CVE-2017-12285?

CVE-2017-12285 is a medium-severity vulnerability in Cisco Prime_network_analysis_module, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2017-10-19.

How severe is CVE-2017-12285?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2017-12285 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Cisco Prime_network_analysis_module

CVE-2017-12285

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.774 (99.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Cisco Prime_network_analysis_module — versions 6.2\(1b\)
N/a Cisco Network Analysis Module — versions Cisco Network Analysis Module

Weakness classification (CWE)

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-12285?: CVE-2017-12285 is a medium-severity vulnerability in Cisco Prime_network_analysis_module, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2017-10-19.
How severe is CVE-2017-12285?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2017-12285 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.