Lucene search

[email protected]CVE-2018-0258

HistoryMay 02, 2018 - 10:29 p.m.

CVE-2018-0258

2018-05-0222:29:00

CWE-434

CWE-22

[email protected]

web.nvd.nist.gov

cisco

vulnerability

file upload

remote attacker

arbitrary files

path traversal

execute

cisco prime

data center network manager

dcnm

cisco prime infrastructure

cisco bug ids

cscvf32411

cscvf81727

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.2%

JSON

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

Affected configurations

NVD

Node

ciscoprime_data_center_network_managerMatch10.0\(1\)

ciscoprime_data_center_network_managerMatch10.2\(1\)

Node

ciscoprime_infrastructureMatch3.3\(0.0\)

CPENameOperatorVersion
cisco:prime_data_center_network_managercisco prime data center network managereq10.0\(1\)
cisco:prime_data_center_network_managercisco prime data center network managereq10.2\(1\)

CPE	Name	Operator	Version
cisco:prime_data_center_network_manager	cisco prime data center network manager	eq	10.0\(1\)
cisco:prime_data_center_network_manager	cisco prime data center network manager	eq	10.2\(1\)

CNA Affected

[
  {
    "product": "Cisco Prime File Upload Servlet",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime File Upload Servlet"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104074

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload

www.tenable.com/security/research/tra-2018-11

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for CVE-2018-0258

nessus1 cisco1 checkpoint_advisories1 prion1 cvelist1 nvd1