SB2018100310 - Multiple vulnerabilities in in Cisco Prime Infrastructure
Published: October 3, 2018 Updated: October 9, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Command injection (CVE-ID: CVE-2018-15379)
The vulnerability allows a remote unauthenticated attacker to execute arbitrary command on the target system.
The weakness exists in the HTTP web server for Cisco Prime Infrastructure (PI) due to incorrect permission setting for important system directories. A remote attacker can upload a malicious file by using TFTP, which can be accessed via the web-interface GUI, run arbitrary commands at the privilege level of the user prime and without authentication.
2) Command injection (CVE-ID: N/A)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the HTTP web server for Cisco Prime Infrastructure (PI) due to command injection. A local attacker can bypass execution restrictions in a SUID binary and execute arbitrary commands to gain elevated privileges.
3) Information disclosure (CVE-ID: CVE-2018-15432)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to the transmission of sensitive information as part of a GET request. A remote attacker can send a specially crafted GET request to a vulnerable device and view sensitive information.
4) Information disclosure (CVE-ID: CVE-2018-15433)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to the transmission of sensitive information as part of a GET request. A remote attacker can send a specially crafted GET request to a vulnerable device and view sensitive information.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp
- https://blogs.securiteam.com/index.php/archives/3723
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-id
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-prime-id