—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20180502-prime-upload

Revision: 1.0

For Public Release: 2018 May 2 16:00 GMT

Last Updated: 2018 May 2 16:00 GMT

CVE ID(s): CVE-2018-0258

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files.

For more information about this vulnerability per Cisco product, see the Details [“#details”] section of this security advisory.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJa6eEzXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczCpIP/1HnRz4M46E3mgj8NRZy/W6ZVWlu
3WwgEfMssEx9qyr9mwRbieJ+CazQvQ9uA2dYuHqPe+O/7x1RENU3H9ckbVBcVjox
8k46z5QUkOGW5QN1HnoUh0A/H+bAZYcbGJDmXy9r3i05nmMARgDW8zQE7+NLpEcf
rDpzsrrrnu2FjlFU1Iuhfizq9HP3xbqt1ZWUgH+O73goR945m+QMhg4uad5hay7h
Svj2cWf11ZflcyuMTx5oKy4496oGDh2BZfArmrMqb/OyXWDA7NZnredIO9/Fa8P2
UuOWwrTe9RGRxhvzmAmqfolbol8PbVWUFSYoWnd3ElB34iHO40rsuyblGlYLv8WW
KqWRIvESirC2jj6bTM0+hbfU2yfpBWCUbYURvb/NYI8lmCSesKTjUZxJIyYNGY9Z
89N8+2agkzB2OP2x8MVaHWUST+2xXF0/WlTdc+dlKO76J6d158Q3ozspQ0Dc72U1
Mwa3986PKbHihcABOdDUG/vqKHihuIxMfS0PglXyh37gQmnJgnQ3uQzNMURyLzAY
eqdISyPnsppy8AIMkm5GA6xn1eCH1olDQDTiatwURkjwUyI2Fel/2CBs+DXhJXy4
YV+v/paUL4Uo5+zW+5gLP6rGxhBc1PM8Zj0ZwhJJUL9m3RGshd3XmJcqhIKxhzbL
FtZ+iuctQoA+Ur0X
=xOe2
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com