A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote malicious user to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco prime data center network manager 10.0\\(1\\) |
||
cisco prime data center network manager 10.2\\(1\\) |
||
cisco prime infrastructure 3.3\\(0.0\\) |
Cisco's Prime and Secure Access Control also have critical-rated bugs to squash
It's time for Cisco's Midweek Misery, netadmins, with four critical vulns to patch and a slew of others to look over if you have time. WebEx has two nasties, CVE-2018-0112 and CVE-2018-0264. CVE-2018-0112 is a remote code execution (RCE) vulnerability in two clients (the WebEx Business Suite client and WebEx Meetings), and the WebEx Meetings Server. It's an input validation slip-up that means an attacker can share a malicious Flash file (extension .swf) within WebEx and execute code on a victim'...