CVE-2019-1823

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions (affected versions not specified) Cisco Evolved Programmable Network Manager versions (affected versions not specified)

Description The issue is related to improper validation of user-supplied input in the web-based management interface. This could allow a remote attacker to execute arbitrary code with root-level privileges on the underlying operating system. The attacker could exploit this by uploading a malicious file to the administrative web interface.

Recommendations For Cisco Prime Infrastructure, update to a version that properly validates user input to prevent exploitation. For Cisco Evolved Programmable Network Manager, restrict access to the web-based management interface until a fix is applied, and consider disabling file upload functionality as a temporary workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.