A remote code execution vulnerability has been reported in Cisco Prime File Upload Servlet. This is due to improper input validation of the parameters in the HTTP request and a processing error in the role-based access control (RBAC) of URLs. A remote attacker could exploit this vulnerability by uploading a crafted Java Server Pages (JSP) file to a specific folder using path traversal techniques and then executing that file remotely. Successful exploitation could lead to arbitrary code execution.
from Check Point Update Services Advisories https://ift.tt/2Kus5va
No comments:
Post a Comment