CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-0258

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0590%
EPSS Percentile15.81th
Published2018年5月2日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

Affected Platforms (CPE)

📦
Cisco

Prime Data Center Network Manager

= 10.0\(1\)
📦
Cisco

Prime Data Center Network Manager

= 10.2\(1\)
📦
Cisco

Prime Infrastructure

= 3.3\(0.0\)

References & Advisories

🔗 http://www.securityfocus.com/bid/104074
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload
🔗 https://www.tenable.com/security/research/tra-2018-11
🔗 http://www.securityfocus.com/bid/104074
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload
🔗 https://www.tenable.com/security/research/tra-2018-11

相關漏洞威脅

CVE-2012-541710.0

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer funct...

CVE-2013-548610.0

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) bef...

CVE-2017-66399.8

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allo...

CVE-2017-66409.8

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log ...