Arbitrary File Upload in Cisco Intelligent Automation for Cloud by Cisco
CVE-2014-3349

Currently unrated

Key Information:

Vendor: Cisco
Status: Cloud Portal
Vendor: CVE Published:; 29 August 2014

Summary

The Cisco Intelligent Automation for Cloud fails to properly validate file types during file submissions. This oversight permits remote authenticated users to exploit the system by uploading arbitrary files through crafted requests, posing significant security risks to the overall environment. Organizations leveraging this product must evaluate their security configurations to mitigate potential threats associated with unauthorized file uploads.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1030783

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/95586

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 29, 2014
Vulnerability Reserved
May 7, 2014