CVE-2018-15450
Summary
| CVE | CVE-2018-15450 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-08 20:29:00 UTC |
| Updated | 2020-09-16 19:12:00 UTC |
| Description | A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Prime Collaboration | 12.1 | All | All | All |
| Application | Cisco | Prime Collaboration | 12.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Prime Collaboration Assurance File Overwrite Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco Prime Collaboration Assurance CVE-2018-15450 Arbitrary File Overwrite Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.