Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
Vulnerability Description
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.
CVSS Information
N/A
Vulnerability Type
Permission Issues
Vulnerability Title
Cisco Prime Infrastructure 安全漏洞
Vulnerability Description
Cisco Prime Infrastructure(PI)是美国思科(Cisco)公司的一套通过Cisco Prime LAN Management Solution(LMS)和Cisco Prime Network Control System(NCS)技术进行无线管理的解决方案。 Cisco PI 3.2版本至3.4版本的HTTP Web服务器中存在命令执行漏洞,该漏洞源于程序对重要的系统目录进行了不正确的权限设置。远程攻击者可借助TFTP上传恶意的文件利用该漏洞未经身份验证在目标应用程序上运行命令
CVSS Information
N/A
Vulnerability Type
N/A