CVE-2018-0394
published 2018-07-18CVE-2018-0394: A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell…
PriorityP355high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
1.60%
72.8th percentile
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cloud_services_platform_2100 | — | — |
| cisco | cloud_services_platform_2100_web_upload_function_code | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_cisco6.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability
vendor_cisco·2018-07-18·CVSS 6.3
CVE-2018-0394 [MEDIUM] CWE-20 Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability
Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system.
The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-csp2100-injection
Cisco
Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2018-0394 Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability
CVE-2018-0394: Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. There are no
CVSS: 3.0
CWE: CWE-20, CWE-20
Bug IDs: CSCvi12935
GHSA
GHSA-8cr5-8pg9-3h7w: A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted sh
ghsa_unreviewed·2022-05-13
CVE-2018-0394 [HIGH] CWE-20 GHSA-8cr5-8pg9-3h7w: A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted sh
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-07-18
Published