Main Vulnerability Database Vulnerabilities #VU13978

Code injection in Cisco Cloud Services Platform 2100 - CVE-2018-0394

Published: July 18, 2018 / Updated: July 23, 2018

Vulnerability identifier: #VU13978

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0394

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Cloud Services Platform 2100

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists in the web upload function of Cisco Cloud Services Platform 2100 due to insufficient input validation of parameters passed to a specific function within the user interface. A remote attacker can inject arbitrary code into a function parameter and obtain restricted shell access to the affected system.

How to mitigate CVE-2018-0394

Update to version 2.2(5).

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-csp2100-inje...

Code injection in Cisco Cloud Services Platform 2100 - CVE-2018-0394

Detailed vulnerability description

How to mitigate CVE-2018-0394

Sources

Please verify you're human