PT-2016-2322 · Cisco · Cisco Evolved Programmable Network Manager, Cisco Prime Infrastructure

Published: 2016-07-02 · Updated: 2019-07-29 · CVE-2016-1408

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Prime Infrastructure versions 1.2 through 3.1
Evolved Programmable Network Manager (EPNM) versions 1.2 and 2.0

Description

The issue exists due to insufficient input validation in the software, allowing a remote attacker to upload files or execute arbitrary commands using a specially crafted HTTP request.

Recommendations

For Cisco Prime Infrastructure versions 1.2 through 3.1, update the software to a version that includes the necessary security patches.
For Evolved Programmable Network Manager (EPNM) versions 1.2 and 2.0, update the software to a version that includes the necessary security patches.
As a temporary workaround, consider restricting access to the affected HTTP endpoints to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2016-01711
CVE-2016-1408

Affected Products

Cisco Prime Infrastructure
Cisco Evolved Programmable Network Manager