- Knowledge Base
- The Cisco Prime Infrastructure Health Monitor TarArchive directory traverses the vulnerability
The Cisco Prime Infrastructure Health Monitor TarArchive directory traverses the vulnerability
- Date Published:2019-06-19
- Last Updated:2019-06-20
- Version Affected: 3.6
The Cisco Prime infrastructure provides complete lifecycle management for converged wired and wireless networks.The Cisco Prime Infrastructure Health Monitor TarArchive has a directory traversal vulnerability. This vulnerability is caused by the HA Health Monitor component of the TarArchive Java class using unchecking any directory traversal. Although unpacking a Tar file, it can be used by remote users to upload a JSP loaded Apache Tomcat web application directory using the UploadServlet class and obtain arbitrary remote code execution.
At present, the manufacturer has issued an update patch to fix the vulnerability, and the patch gets the link: