Lucene search

K
saintSAINT CorporationSAINT:33417BAB49323587AE63F8DF1E109A72
HistoryOct 11, 2018 - 12:00 a.m.

Cisco Prime Infrastructure TFTP file upload vulnerability

2018-10-1100:00:00
SAINT Corporation
my.saintcorporation.com
513

Added: 10/11/2018
BID: 105506

Background

Cisco Prime Infrastructure, is a management system of wireless and wired networks.

Problem

A vulnerability in Cisco Prime Infrastructure allows remote, unauthenticated attackers to execute arbitrary commands by uploading a JSP file via TFTP, and then executing the file via an HTTPS GET request.

Resolution

Disable TFTP or upgrade to a fixed version as described in cisco-sa-20181003-pi-tftp.

References

<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp&gt;

Platforms

Linux
Linux x64