Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability

2018-05-02T16:00:00
ID CISCO-SA-20180502-PRIME-UPLOAD
Type cisco
Reporter Cisco
Modified 2018-10-29T15:38:01

Description

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files.

For more information about this vulnerability per Cisco product, see the Details ["#details"] section of this security advisory.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload"]

A vulnerability in the File Upload servlet of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files to any directory of a vulnerable device and then execute those files.

The vulnerability is due to improper input validation of the parameters in the HTTP request and a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by uploading a crafted Java Server Pages (JSP) file to a specific folder using path traversal techniques and then executing that file remotely. An exploit could allow the attacker to execute arbitrary commands on the affected device with the privileges of the SYSTEM user.

The Common Vulnerability Scoring System (CVSS) score for this vulnerability is: Base 9.8 ["https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"]

The Security Impact Rating (SIR) for this vulnerability is: Critical

A vulnerability in the File Upload servlet of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to upload arbitrary files to any directory of a vulnerable device and then execute those files.

The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by logging in to the affected application as an unprivileged user, uploading a crafted Java Server Pages (JSP) file to a specific folder using path traversal techniques and then executing that file remotely. An exploit could allow the attacker to execute arbitrary commands on the affected device with the privileges of the SYSTEM user.

The CVSS score for this vulnerability is: Base 8.8 ["https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"]

The SIR for this vulnerability is: High