CVE-2018-0258
Description
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
29.69
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability For Cisco Prime Infrastructure | NCM |
| Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability For Cisco Data Center Network Manager | NCM |
| Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2018-0258) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705595 | Security Update for Cisco Prime Infrastructure 2.2(2) |
| PATCH-1706034 | Security Update for Cisco Data Center Network Manager 10.1(1.158)S0 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234