Cisco Prime Infrastructure TFTP Arbitrary File Upload and Command Execution Vulnerability (cisco-sa-20181003-pi-tftp)
High Nessus Plugin ID 118088
SynopsisThe remote Cisco Prime Infrastructure application running on the remote host is affected by multiple vulnerabilities.
DescriptionThe Cisco Prime Infrastructure application running on the remote host is affected by an arbitrary file upload flaw, which could lead to a remote code execution vulnerability. This is due to incorrect permissions for various system folders, which a file could be uploaded to via TFTP. The commands in that file could then executes the prime or root privilege level.
SolutionUpgrade to Cisco Prime Infrastructure version 3.3.1 Update 02, 3.4.1, or later.