VDB

CVE-2017-12263

CVE-2017-12263 PUBLISHED CVSS 5 MEDIUM

A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577.

EPSS 33.40% · 97.0th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
33.40%
97.0th percentile

Affected Products

VendorProductVersions
ciscolicense_manager3.2.6
n/aCisco License Manager*

Exploit Intelligence

Timeline

  • Oct 4, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 19, 2023 EPSS Score
  • May 13, 2023 EPSS Score
  • May 25, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›