Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability

Summary

Cisco Prime Infrastructure provides complete lifecycle management for converged wired and wireless networks. The Cisco Prime Infrastructure Health Monitor TarArchive has a directory traversal vulnerability. The vulnerability is caused by the HA Health Monitor component's use of the TarArchive Java class, which does not check for directory traversal while unpacking a Tar file. A remote user can abuse this through the UploadServlet class to upload a JSP into the Apache Tomcat web application directory and obtain arbitrary remote code execution.
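
The check that the summary says is missing, as an added Java example. It is not Cisco's code or the vendor's fix; the class name, method name, extraction directory and entry names are assumptions constructed for illustration. An extractor would call the method on every entry name before writing any bytes.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeTarEntry {

    /**
     * Map a tar entry name to a path under destDir, refusing any name that
     * would resolve outside it ("../" sequences or an absolute path).
     */
    static Path resolveInside(Path destDir, String entryName) throws IOException {
        Path base = destDir.toAbsolutePath().normalize();
        Path target;
        try {
            // resolve() returns entryName itself when it is absolute;
            // normalize() collapses "." and ".." segments.
            target = base.resolve(entryName).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("Malformed entry name: " + entryName, e);
        }
        // Path.startsWith compares whole components, so "/tmp/unpack-evil"
        // is not treated as being inside "/tmp/unpack".
        if (!target.startsWith(base)) {
            throw new IOException("Entry escapes extraction directory: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed directory and entry names, for illustration only.
        Path dest = Paths.get("/tmp/unpack");
        String[] names = {
            "backup/db/config.xml",
            "backup/../notes.txt",
            "../../opt/tomcat/webapps/ROOT/upload.jsp",
            "/opt/tomcat/webapps/ROOT/upload.jsp",
            "../unpack-evil/file.txt"
        };
        for (String name : names) {
            try {
                System.out.println("OK      " + name + " -> " + resolveInside(dest, name));
            } catch (IOException e) {
                System.out.println("REJECT  " + e.getMessage());
            }
        }
    }
}
```

This covers entry names only; link entries in an archive need their targets validated the same way.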


Solution

The vendor has released an update that fixes the vulnerability. The patch is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce