ID
VAR-201710-0859
CVE
CVE-2017-15805
TITLE
Cisco Small Business SA520 and SA540 Path traversal vulnerability in device firmware
Trust: 0.8
sources:
JVNDB: JVNDB-2017-009497
DESCRIPTION
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. CiscoSmallBusinessSA520 and SA540 are firewall devices of Cisco Systems of the United States. An attacker could exploit this vulnerability to read arbitrary files with the \342\200\230thispage\342\200\231 parameter
Trust: 2.25
sources:
NVD: CVE-2017-15805 //
JVNDB: JVNDB-2017-009497 //
CNVD: CNVD-2017-35152 //
VULHUB: VHN-106664
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-35152
AFFECTED PRODUCTS
| vendor: | cisco | model: | small business sa520 | scope: | eq | version: | 2.1.71 | Trust: 2.4 |
| vendor: | cisco | model: | small business sa520 | scope: | eq | version: | 2.2.0.7 | Trust: 2.4 |
| vendor: | cisco | model: | small business sa540 | scope: | eq | version: | 2.1.71 | Trust: 2.4 |
| vendor: | cisco | model: | small business sa540 | scope: | eq | version: | 2.2.0.7 | Trust: 2.4 |
| vendor: | cisco | model: | small business sa520 and sa540 devices | scope: | eq | version: | 2.1.71 | Trust: 0.6 |
| vendor: | cisco | model: | small business sa520 and sa540 devices | scope: | eq | version: | 2.2.0.7 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-35152 //
JVNDB: JVNDB-2017-009497 //
CNNVD: CNNVD-201710-1074 //
NVD: CVE-2017-15805
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2017-35152 //
VULHUB: VHN-106664 //
JVNDB: JVNDB-2017-009497 //
CNNVD: CNNVD-201710-1074 //
NVD: CVE-2017-15805
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.9 |
sources:
VULHUB: VHN-106664 //
JVNDB: JVNDB-2017-009497 //
NVD: CVE-2017-15805
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201710-1074
TYPE
path traversal
Trust: 0.6
sources:
CNNVD: CNNVD-201710-1074
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-009497
PATCH
| title: | Cisco SA540 Security Appliance | url: | https://www.cisco.com/c/en/us/support/security/sa540-security-appliance/model.html | Trust: 0.8 |
| title: | Cisco SA520 Security Appliance | url: | https://www.cisco.com/c/en/us/support/security/sa520-security-appliance/model.html | Trust: 0.8 |
sources:
JVNDB: JVNDB-2017-009497
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-15805 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2017-009497 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201710-1074 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-35152 | Trust: 0.6 |
| db: | NSFOCUS | id: | 37861 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-106664 | Trust: 0.1 |
sources:
CNVD: CNVD-2017-35152 //
VULHUB: VHN-106664 //
JVNDB: JVNDB-2017-009497 //
CNNVD: CNNVD-201710-1074 //
NVD: CVE-2017-15805
REFERENCES
| url: | https://www.fwhibbit.es/lfi-en-cisco-small-business-sa500-series-cuando-la-seguridad-de-tu-red-esta-hecha-un-cisco | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-15805 | Trust: 1.4 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15805 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/37861 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-35152 //
VULHUB: VHN-106664 //
JVNDB: JVNDB-2017-009497 //
CNNVD: CNNVD-201710-1074 //
NVD: CVE-2017-15805
SOURCES
| db: | CNVD | id: | CNVD-2017-35152 |
| db: | VULHUB | id: | VHN-106664 |
| db: | JVNDB | id: | JVNDB-2017-009497 |
| db: | CNNVD | id: | CNNVD-201710-1074 |
| db: | NVD | id: | CVE-2017-15805 |
LAST UPDATE DATE
2025-04-20T23:19:49.335000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-35152 | date: | 2017-11-27T00:00:00 |
| db: | VULHUB | id: | VHN-106664 | date: | 2017-11-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-009497 | date: | 2017-11-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201710-1074 | date: | 2017-10-27T00:00:00 |
| db: | NVD | id: | CVE-2017-15805 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-35152 | date: | 2017-11-27T00:00:00 |
| db: | VULHUB | id: | VHN-106664 | date: | 2017-10-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-009497 | date: | 2017-11-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201710-1074 | date: | 2017-10-27T00:00:00 |
| db: | NVD | id: | CVE-2017-15805 | date: | 2017-10-23T08:29:00.773 |