CVE-2016-1289

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions 1.2 through 3.0 Evolved Programmable Network Manager (EPNM) version 1.2

Description The issue is caused by a buffer overflow in the program interface of the network lifecycle management tool. It may allow a remote attacker to execute arbitrary code or gain access to protected information by sending a specially crafted HTTP request.

Recommendations For Cisco Prime Infrastructure versions 1.2 through 3.0, consider restricting access to the API until a patch is available. For Evolved Programmable Network Manager (EPNM) version 1.2, avoid using the vulnerable API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.