How severe is CVE-2018-15379?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2018-15379?

This is classified as CWE-275, which is a common weakness in software security.

CVE-2018-15379 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.

Related Vulnerabilities

CVE-2017-16887

CRITICAL

CVSS:9.8(Critical)

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure o...

CWE-2752017

CVE-2017-17060

CRITICAL

CVSS:9.8(Critical)

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

CWE-2752017

CVE-2020-14496

CRITICAL

CVSS:9.8(Critical)

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and ex...

CWE-2752020

CVE-2021-22566

MEDIUM

CVSS:9.8(Critical)

An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to by...

CWE-2752021

CVE-2023-3759

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack r...

CWE-2752023

CVE-2017-6513

CRITICAL

CVSS:9.9(Critical)

The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Vi...

CWE-2752017