Critical flaw in the Cisco Prime Infrastructure leads to arbitrary file Upload and command execution (November 3, 2018)

CVE-2018-15379 – HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions allowing an unauthenticated, remote attacker to upload an arbitrary file. This file can later be executed by the attacker at the privilege level of the user. The vulnerability is due to incorrect permission setting for system directories. An attacker could exploit this vulnerability by uploading a malicious file using TFTP ( Trivial File Transfer Protocol), which can later be accessed via the web-interface. Successful exploitation could result in the execution of arbitrary code in the context of the prime user…Learn More