Cisco Prime Infrastructure TFTP Arbitrary File Upload and Command Execution Vulnerability (cisco-sa-20181003-pi-tftp)
High Nessus Plugin ID 118088
Synopsis
The remote Cisco Prime Infrastructure application running on the remote host is affected by multiple vulnerabilities.
Description
The Cisco Prime Infrastructure application running on the remote host is affected by an arbitrary file upload flaw, which could lead to a remote code execution vulnerability. This is due to incorrect permissions for various system folders, which a file could be uploaded to via TFTP. The commands in that file could then executes the prime or root privilege level.
Solution
Upgrade to Cisco Prime Infrastructure version 3.3.1 Update 02, 3.4.1, or later.