CVE-2018-15450

CWE-20Improper Input ValidationCWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 31.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Prime Collaboration AssuranceCisco Prime Collaboration
Timeline
PublishedNov 8
Latest updateMay 13

Description

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-64rj-5cf2-pc5w: A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the fil2022-05-13
CVEList
Cisco Prime Collaboration Assurance File Overwrite Vulnerability2018-11-08

📋Vendor Advisories

1
Cisco
Cisco Prime Collaboration Assurance File Overwrite Vulnerability2018-11-07
CVE-2018-15450 (MEDIUM CVSS 6.5) | A vulnerability in the web-based UI | cvebase.io