PT-2016-1646 · Cisco · Cisco Evolved Programmable Network Manager+1

Publicado

2016-04-06

Atualizado

2019-07-29

CVE-2016-1291

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Evolved Programmable Network Manager versions 1.2 Cisco Prime Infrastructure versions 1.2.0 through 2.2(2)

Description The issue exists due to insufficient input validation, allowing a remote attacker to execute arbitrary code by sending a specially crafted HTTP POST request with deserialized data.

Recommendations For Cisco Evolved Programmable Network Manager version 1.2, update to a version that addresses the issue. For Cisco Prime Infrastructure versions 1.2.0 through 2.2(2), update to a version that addresses the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2016-00958

CVE-2016-1291

Produtos afetados

Cisco Evolved Programmable Network Manager

Cisco Prime Infrastructure

PT-2016-1646 · Cisco · Cisco Evolved Programmable Network Manager+1

CVE-2016-1291

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6