CVE Vulnerability

CVE-2018-0258

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload Vendor Advisory
http://www.securityfocus.com/bid/104074 Third Party Advisory VDB Entry
https://www.tenable.com/security/research/tra-2018-11 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cisco:prime_data_center_network_manager:10.0(1):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:10.2(1):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.3(0.0):*:*:*:*:*:*:*
Information

Published : 2018-05-02 10:29

Updated : 2019-10-09 11:31

NVD link : CVE-2018-0258

Mitre link : CVE-2018-0258

Products Affected
No products.
CWE
CWE-22

CWE-434