CVE-2018-0394
Summary
| CVE | CVE-2018-0394 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-18 23:29:00 UTC |
| Updated | 2019-10-09 23:31:00 UTC |
| Description | A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Cloud Services Platform 2100 | 2.2(4) | All | All | All |
| Application | Cisco | Cloud Services Platform 2100 | 2.2\(4\) | All | All | All |
| Application | Cisco | Cloud Services Platform 2100 | 2.2\(4\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| Cisco Cloud Services Platform CVE-2018-0394 Remote Code Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.