Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title : Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability
Information
Name : cisco-sa-20180502-prime-upload
First vendor Publication : 2018-05-02
Vendor : Cisco
Last vendor Modification : 2018-05-02
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files.

For more information about this vulnerability per Cisco product, see the Details section of this security advisory.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-434 Unrestricted Upload of File with Dangerous Type (CWE/SANS Top 25)
50 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 1

Snort® IPS/IDS

Date Description
2020-12-05 Cisco Prime Infrastructure directory traversal attempt
RuleID : 46494 - Revision : 4 - Type : SERVER-WEBAPP
2020-12-05 Cisco Prime Infrastructure directory traversal attempt
RuleID : 46493 - Revision : 4 - Type : SERVER-WEBAPP
2020-12-05 Cisco Prime Infrastructure directory traversal attempt
RuleID : 46492 - Revision : 4 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2018-06-13 Name : A network management system running on the remote host is affected by a remot...
File : cisco_dcnm_cve-2018-0258.nasl - Type : ACT_ATTACK

Alert History

Date Information
2020-12-05 21:23:46
  • Multiple Updates
2018-06-13 17:21:13
  • Multiple Updates
2018-05-03 05:19:52
  • Multiple Updates
2018-05-02 21:20:47
  • First insertion