Cisco Prime Infrastructure TFTP file upload vulnerability

Added: 10/11/2018
BID: 105506

Background

Cisco Prime Infrastructure, is a management system of wireless and wired networks.

Problem

A vulnerability in Cisco Prime Infrastructure allows remote, unauthenticated attackers to execute arbitrary commands by uploading a JSP file via TFTP, and then executing the file via an HTTPS GET request.

Resolution

Disable TFTP or upgrade to a fixed version as described in cisco-sa-20181003-pi-tftp.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp

Platforms

Linux
Linux x64

Back to exploit index