7.5 - cisco-sa-20181003-pi-tftp

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability

Informations
Name	cisco-sa-20181003-pi-tftp	First vendor Publication	2018-10-03
Vendor	Cisco	Last vendor Modification	2018-10-03
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges.

The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp"]

BEGIN PGP SIGNATURE

iQJ4BAEBAgBjBQJbtOqeXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczncEP+M5lner1GQYzsV/jTeE4WiJE+pEF q0j8uE9xLSIld52PU2UdzdrGanNUhwOBPR1f2SOJmmxuCXt4KG0MKLtM5Wk4Jvky YV4mn8c4QmaJRlT9AP+OCP7RmlkoPnCaHPfQFlxORd9hxTCV5t+WaOrDb67974xZ s5gdxPZ4lRgL6kxZI4Sp8eE26Q04iwwLwRKsnxav/E1OsTYF0FCfk8Zyv30dELUY KMTqJd7C2dSIjR6rHVKXEIccjLaINoSdObollp3plvce9OGceXVcTv9AFNJYKNIi mn2Cga7De98GgIgDnOm+S3z00mgIGnQf8XSCcCqzJKev4S/9b8gQJlbCq23QO1Td szb4jZJ4wEzVRoY/gl9Y2Euiz/L9wTTDGIng16W+Tro09VSxk8FDa2quivhrAIKr UhA1RMyg8GPfnnbyHyA+7DTJE/5jwmnwksd3P7Gr0As3IqLxO+JGUclcl6ADXFFI yKM2S3WauiOOZ8DqWLlRMHYYAe2Wqe11n0QIVulKua55bcTq9/HqdpGwUQAJdgOc ZszhgHlbk2kODaLwA/lLJGTa4dsvMzIHc6oHTH4dNLZmI7JEE+JydUDCpV7/pNlG W4QVrgmC40x0QuSjyRyBCpzQ2S1uMJ83G/qDSgeDTqY+naKZZFftE4YvO/3x3+pK t72tqHjlSJsTFFk= =PxLJ END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-732	Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Prime Infrastructure cpe:2.3:a:cisco:prime_infrastructure:3.5(0.0):::::::* cpe:2.3:a:cisco:prime_infrastructure:3.4(0.0):::::::* cpe:2.3:a:cisco:prime_infrastructure:3.4:::::::* cpe:2.3:a:cisco:prime_infrastructure:3.3(0.0):::::::* cpe:2.3:a:cisco:prime_infrastructure:3.3:::::::* cpe:2.3:a:cisco:prime_infrastructure:3.2(2.0):::::::* cpe:2.3:a:cisco:prime_infrastructure:3.2(1.0):::::::* cpe:2.3:a:cisco:prime_infrastructure:3.2(0.0):::::::* cpe:2.3:a:cisco:prime_infrastructure:3.2:::::::* cpe:2.3:a:cisco:prime_infrastructure:3.2:fips::::::	10

SAINT Exploits

Description	Link
Cisco Prime Infrastructure TFTP file upload vulnerability	More info here

Snort® IPS/IDS

Date	Description
2020-12-05	Cisco Prime Infrastructure arbitrary JSP file upload attempt RuleID : 48015 - Revision : 1 - Type : SERVER-WEBAPP

Metasploit Database

id	Description
2018-10-04	Cisco Prime Infrastructure Unauthenticated Remote Code Execution

Nessus® Vulnerability Scanner

Date	Description
2018-10-16	Name : The remote Cisco Prime Infrastructure application running on the remote host ... File : cisco_prime_infrastructure_tftp_upload_rce.nasl - Type : ACT_GATHER_INFO
2018-10-12	Name : The remote Cisco Prime Infrastructure application running on the remote host ... File : cisco_prime_infrastructure_20181003-pi-tftp.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-12-05 21:23:46	Multiple Updates
2020-05-23 13:16:43	Multiple Updates
2019-01-10 17:21:20	Multiple Updates
2018-10-05 21:21:50	Multiple Updates
2018-10-03 21:18:54	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	10
Saint Exploit(s)	1
Metasploit Exploit(s)	1
Snort® Rule(s)	1
Nessus® Exploit(s)	2

	Related
9.8	CVE-2018-15379
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)