Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-15379 — Incorrect Permission Assignment in Cisco Prime Infrastructure

CWE-275 CWE-732 — Incorrect Permission Assignment6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

89.6%

top 0.44%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Prime Infrastructure Cisco Prime Infrastructure

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploa…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/prime_infrastructure9 versions+8

▶CVEListV5cisco/cisco_prime_infrastructuren/a

🔴Vulnerability Details

GHSA

GHSA-h92j-m24w-8xp7: A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated↗2022-05-13

▶

CVEList

Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability↗2018-10-05

▶

💥Exploits & PoCs

Exploit-DB

Cisco Prime Infrastructure - (Unauthenticated) Remote Code Execution↗2018-10-04

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability↗2018-10-03

▶

🕵️Threat Intelligence

Tenable

Public Exploit Modules Available for Cisco Prime Infrastructure Vulnerability↗2018-10-12

▶