CVE-2018-0258
N/A
N/A
Summary
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Cisco Prime File Upload Servlet | Cisco Prime File Upload Servlet | affected |
Weaknesses
- CWE-22: CWE-22
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/104074
- https://www.tenable.com/security/research/tra-2018-11
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- http://www.securityfocus.com/bid/104074
- https://www.tenable.com/security/research/tra-2018-11
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.