CVE-2018-0300

CWE-22Path Traversal4 documents4 sources
Severity
7.2HIGH
EPSS
1.8%
top 17.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Fxos
Timeline
PublishedJun 21
Latest updateMay 13

Description

A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an affected device. The vulnerability is due to insufficient validation during the application image upload process. An attacker could exploit this vulnerability by creating an application image

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco_firepower_4100_series_next-generation_firewall_and_firepower_9300_security_appliance_unknownCisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance unknown
NVDcisco/fxos2.0\(1.68\)

🔴Vulnerability Details

2
GHSA
GHSA-ch88-fg86-h47v: A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) an2022-05-13
CVEList
CVE-2018-0300: A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) an2018-06-21

📋Vendor Advisories

1
Cisco
Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability2018-06-20
CVE-2018-0300 (HIGH CVSS 7.2) | A vulnerability in the process of u | cvebase.io