{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T21:06:41.436","vulnerabilities":[{"cve":{"id":"CVE-2018-0394","sourceIdentifier":"psirt@cisco.com","published":"2018-07-18T23:29:01.243","lastModified":"2024-11-21T03:38:08.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935."},{"lang":"es","value":"Una vulnerabilidad en la función de subida web de Cisco Cloud Services Platform 2100 podría permitir que un atacante remoto autenticado obtenga acceso shell restringido en un sistema afectado. La vulnerabilidad se debe a una validación de entrada insuficiente de parámetros que se pasan una función específica de la interfaz de usuario. Un atacante podría explotar esta vulnerabilidad inyectando código en un parámetro de función. Cisco Bug IDs: CSCvi12935."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cloud_services_platform_2100:2.2\\(4\\):*:*:*:*:*:*:*","matchCriteriaId":"C820C299-1C68-4A16-8EDF-72F2F855D733"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/104881","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-csp2100-injection","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/104881","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-csp2100-injection","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}