CyberSec.Space Logo
Back to CVE Browser

CVE-2018-0258

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0590%
EPSS Percentile15.81th
PublishedMay 2, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

Affected Platforms (CPE)

πŸ“¦
Cisco

Prime Data Center Network Manager

= 10.0\(1\)
πŸ“¦
Cisco

Prime Data Center Network Manager

= 10.2\(1\)
πŸ“¦
Cisco

Prime Infrastructure

= 3.3\(0.0\)

References & Advisories

πŸ”— http://www.securityfocus.com/bid/104074
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload
πŸ”— https://www.tenable.com/security/research/tra-2018-11
πŸ”— http://www.securityfocus.com/bid/104074
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload
πŸ”— https://www.tenable.com/security/research/tra-2018-11

Related Vulnerabilities

CVE-2012-541710.0

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer funct...

CVE-2013-548610.0

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) bef...

CVE-2017-66399.8

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allo...

CVE-2017-66409.8

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log ...