|
|||
Rule General Information |
---|
Release Date: | 2019-06-14 | |
Rule Name: | Cisco Prime Infrastructure and DCNM XmpFileUploadServlet Directory Traversal Vulnerability (CVE-2018-0258) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. | |
Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
Reference: | SecurityFocusBID:104074 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload https://www.tenable.com/security/research/tra-2018-11 |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload |