CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2018-0258

CVSS 9.8v3.0pub. 2018-05-02upd. 2024-11-21

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Prime Data Center Network Manager

    APP
    Cisco
    10.0\(1\)10.2\(1\)
  • Cisco Prime Infrastructure

    APP
    Cisco
    3.3\(0.0\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2019-15958CRITICAL9.8ten sam produkt

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Mana...

CVE-2018-15379CRITICAL9.8ten sam produkt

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory pe...

CVE-2017-6639CRITICAL9.8ten sam produkt

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manag...

CVE-2017-6640CRITICAL9.8ten sam produkt

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, rem...

CVE-2016-1289CRITICAL9.8ten sam produkt

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allo...