Vulnerability Description
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Data Center Network Manager | 10.0\(1\) |
| Cisco | Prime Infrastructure | 3.3\(0.0\) |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104074Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://www.tenable.com/security/research/tra-2018-11Third Party Advisory
- http://www.securityfocus.com/bid/104074Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://www.tenable.com/security/research/tra-2018-11Third Party Advisory
FAQ
What is CVE-2018-0258?
CVE-2018-0258 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Trave...
How severe is CVE-2018-0258?
CVE-2018-0258 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-0258?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Data Center Network Manager, Cisco Prime Infrastructure.