CVE-2018-0258 — Path Traversal in Cisco Prime Data Center Network Manager

CWE-22 — Path Traversal CWE-434 — Unrestricted File Upload5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

29.7%

top 3.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Data Center Network Manager Cisco Prime Infrastructure

Timeline

PublishedMay 2

Latest updateMay 13

Description

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/prime_data_center_network_manager10.0\(1\), 10.2\(1\)+1

▶NVDcisco/prime_infrastructure3.3\(0.0\)

🔴Vulnerability Details

GHSA

GHSA-9j6j-4f32-jc6g: A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to an↗2022-05-13

▶

CVEList

CVE-2018-0258: A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to an↗2018-05-02

▶

📋Vendor Advisories

Cisco

Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability↗2018-05-02

▶