cbcvebase.
CVE-2018-0258
published 2018-05-02

CVE-2018-0258: A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any…

PriorityP274critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
49.87%
98.8th percentile
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

Affected

4 ranges
VendorProductVersion rangeFixed in
ciscoprime_data_center_network_manager
ciscoprime_data_center_network_manager
ciscoprime_file_upload_servlet_path
ciscoprime_infrastructure

Detection & IOCsextracted from sources · hover to see the quote

filenameWAR file containing a JSP webshell
  • Monitor for unauthenticated file uploads to the Cisco Prime File Upload servlet, particularly WAR files being written to arbitrary directories on the server.
  • Detect path traversal sequences in HTTP requests targeting the Cisco Prime File Upload servlet endpoint, as the vulnerability is a relative path traversal allowing writes to any directory.
  • Alert on JSP webshell execution following file upload activity on Cisco Prime DCNM (version 10.0+) and Cisco Prime Infrastructure (all versions).
  • ·Affected products are Cisco Prime DCNM version 10.0 and later, and Cisco Prime Infrastructure all versions. There are no known workarounds; only the vendor software update addresses this vulnerability.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.