Multiple vulnerabilities in in Cisco Prime Infrastructure
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-15379 CVE-2018-15432 CVE-2018-15433 |
| CWE-ID | CWE-77 CWE-200 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Cisco Prime Infrastructure Server applications / Remote management servers, RDP, SSH |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Command injection
EUVDB-ID: #VU15214
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C]
CVE-ID: CVE-2018-15379
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary command on the target system.
The weakness exists in the HTTP web server for Cisco Prime Infrastructure (PI) due to incorrect permission setting for important system directories. A remote attacker can upload a malicious file by using TFTP, which can be accessed via the web-interface GUI, run arbitrary commands at the privilege level of the user prime and without authentication.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.2.0.0 - 3.5.0.0
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp
http://blogs.securiteam.com/index.php/archives/3723
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Command injection
EUVDB-ID: #VU15215
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the HTTP web server for Cisco Prime Infrastructure (PI) due to command injection. A local attacker can bypass execution restrictions in a SUID binary and execute arbitrary commands to gain elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.2.0.0 - 3.5.0.0
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp
http://blogs.securiteam.com/index.php/archives/3723
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU15217
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-15432
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to the transmission of sensitive information as part of a GET request. A remote attacker can send a specially crafted GET request to a vulnerable device and view sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.2.0.0
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-id
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU15216
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-15433
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to the transmission of sensitive information as part of a GET request. A remote attacker can send a specially crafted GET request to a vulnerable device and view sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.2.0.0
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-prime-id
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
