Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability

cisco-sa-20180502-prime-upload · Critical · Published · Updated

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files. For more information about this vulnerability per Cisco product, see the Details section of this security advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2018-0258
Cisco Bug IDsCSCvf32411, CSCvf81727
CVSS ScoreBase 9.8
Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Base 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Prime Data Center Network Manager (DCNM), Cisco Prime Infrastructure

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2018-0258 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2018-0258 Cisco OpenVuln
Cisco Application Centric Infrastructure Virtual Edge CVE-2018-0258 Cisco OpenVuln
Cisco Prime Infrastructure CVE-2018-0258 Cisco OpenVuln
Cisco Prime Data Center Network Manager (DCNM) CVE-2018-0258 Cisco OpenVuln