CVE-2018-15450

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Assurance (affected versions not specified)

Description The issue is caused by insufficient input validation in the web-based UI, allowing a remote attacker to overwrite files on the file system. An attacker could exploit this by using a specific UI input field to provide a custom path location. This could allow the attacker to overwrite files on the file system.

Recommendations For Cisco Prime Collaboration Assurance, ensure proper input validation is in place to prevent file overwriting. As a temporary workaround, consider restricting access to the web-based UI to minimize the risk of exploitation. Avoid using specific UI input fields that could allow custom path locations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.