CVE-2019-15958

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) (affected versions not specified)

Description A vulnerability in the REST API of the affected systems could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The issue is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this by uploading a malicious file during the HA registration period, potentially allowing the execution of arbitrary code with root-level privileges. This vulnerability can only be exploited during the HA registration period.

Recommendations For Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM), as a temporary workaround, consider restricting access to the REST API during the HA registration period to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.