PT-2018-2097 · Cisco · Cisco Prime Infrastructure

Pedro Ribeiro · Published 2018-10-03 · Updated 2019-10-09 · CVE-2018-15379

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Prime Infrastructure (affected versions not specified)

Description

A vulnerability exists due to incorrect permission settings for important system directories in the HTTP web server for Cisco Prime Infrastructure. This could allow an unauthenticated, remote attacker to upload an arbitrary file, potentially enabling the execution of commands at the privilege level of the user 'prime', which does not have administrative or root privileges. The vulnerability can be exploited by uploading a malicious file using TFTP, accessible via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2019-00048
CVE-2018-15379

Affected Products

Cisco Prime Infrastructure