CVE-2018-15379

Published: 05/10/2018 Updated: 10/01/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 795
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote malicious user to upload an arbitrary file. This file could allow the malicious user to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the malicious user to run commands on the targeted application without authentication.

Affected Products

Vendor | Product | Versions
Cisco | Prime Infrastructure | 3.2, 3.2(0.0), 3.2(1.0), 3.2(2.0), 3.3, 3.3(0.0), 3.4, 3.4(0.0), 3.5(0.0)

Vendor Advisories

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privilege ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper

  def initialize(info = {}) ...

Mailing Lists

Hi, Here's a quick and easy unauth RCE as root in Cisco Prime Infrastructure. This is a product widely deployed in data centers for router management, good luck. Thanks to Beyond Security SSD programme for helping me disclose this to Cisco. Their advisory can be found at: blogs.securiteam.com/index.php/archives/3723 And my own copy at: ...

Metasploit Modules

Cisco Prime Infrastructure Unauthenticated Remote Code Execution

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02.

msf > use exploit/linux/http/cisco_prime_inf_rce
msf exploit(cisco_prime_inf_rce) > show targets
    ...targets...
msf exploit(cisco_prime_inf_rce) > set TARGET <target-id>
msf exploit(cisco_prime_inf_rce) > show options
    ...show and set options...
msf exploit(cisco_prime_inf_rce) > exploit