cbcvebase.
CVE-2018-0394
published 2018-07-18

CVE-2018-0394: A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell…

PriorityP355high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
1.60%
72.8th percentile
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscocloud_services_platform_2100
ciscocloud_services_platform_2100_web_upload_function_code

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_cisco6.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.