CVE-2018-15379 (CNNVD-201810-179)
中文标题:
Cisco Prime Infrastructure 安全漏洞
英文标题:
Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
漏洞描述
中文描述:
Cisco Prime Infrastructure(PI)是美国思科(Cisco)公司的一套通过Cisco Prime LAN Management Solution(LMS)和Cisco Prime Network Control System(NCS)技术进行无线管理的解决方案。 Cisco PI 3.2版本至3.4版本的HTTP Web服务器中存在命令执行漏洞,该漏洞源于程序对重要的系统目录进行了不正确的权限设置。远程攻击者可借助TFTP上传恶意的文件利用该漏洞未经身份验证在目标应用程序上运行命令。
英文描述:
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Prime Infrastructure | n/a | - | - |
cpe:2.3:a:cisco:cisco_prime_infrastructure:n_a:*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.2 | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.2:*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.2\(0.0\) | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.2\(0.0\):*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.2\(1.0\) | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.2\(1.0\):*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.2\(2.0\) | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.2\(2.0\):*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.3 | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.3:*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.3\(0.0\) | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.3\(0.0\):*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.4 | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.4:*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.4\(0.0\) | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.4\(0.0\):*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.5\(0.0\) | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.5\(0.0\):*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
exploitdb
exploitdb
cve.org
CVSS评分详情
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-15379 |
2025-11-11 15:19:41 | 2025-11-11 07:35:07 |
| NVD | nvd_CVE-2018-15379 |
2025-11-11 14:55:59 | 2025-11-11 07:43:41 |
| CNNVD | cnnvd_CNNVD-201810-179 |
2025-11-11 15:10:05 | 2025-11-11 07:54:04 |
| EXPLOITDB | exploitdb_EDB-45555 |
2025-11-11 15:05:28 | 2025-11-11 08:48:47 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 4 -> 7
- tags_count: 0 -> 3
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201810-179
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 1 -> 10
- data_sources: ['cve'] -> ['cve', 'nvd']