Guest

Preview Tool

Cisco Bug: CSCuo09165 - File in tftp folder can be downloaded over https without authentication

Last Modified

Sep 29, 2014

Products (1)

  • Cisco Prime Infrastructure

Known Affected Releases

2.2(0.0.56)

Description (partial)

Symptom:
/opt/CSCOlumos/tomcat/webapps/swimtemp...This is a link to tftp folder. Effectively, we will expose any file (configuration or image) we place under this folder to an unauthenticated user. This is a security risk.

Conditions:
SWIM,Config archive uses this location to put the files in this ,if the some knows the file name and they can download the same from PI
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.