Jérôme Nokin

**Name of the Vulnerable Software and Affected Versions** Cisco Prime Infrastructure (affected versions not specified) Cisco Evolved Programmable Network (EPN) Manager (affected versions not specified) **Description** The issue is related to the improper processing of command line arguments to application scripts in the application CLI of the affected systems. This could allow an authenticated, local attacker to gain escalated privileges by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system. **Recommendations** For Cisco Prime Infrastructure, consider restricting access to the application CLI until a patch is available. For Cisco Evolved Programmable Network (EPN) Manager, avoid using malicious options in the CLI commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Prime Infrastructure (affected versions not specified) Cisco Evolved Programmable Network (EPN) Manager (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This issue is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this by submitting malicious input containing script or HTML content within requests that would be stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application. **Recommendations** For Cisco Prime Infrastructure, consider disabling the web-based management interface until a patch is available. For Cisco Evolved Programmable Network (EPN) Manager, restrict access to the web-based management interface to minimize the risk of exploitation. As a temporary workaround, avoid using the web-based management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Prime Infrastructure versions (affected versions not specified) Cisco Evolved Programmable Network (EPN) Manager versions (affected versions not specified) **Description** The issue is related to improper processing of objects in memory, specifically serialized Java objects, in the web-based management interface of the affected systems. This could allow a remote attacker to execute arbitrary commands on the underlying operating system. An attacker could exploit this by uploading a document containing malicious serialized Java objects to be processed by the affected application. **Recommendations** For Cisco Prime Infrastructure, consider restricting access to the web-based management interface until a fix is available. For Cisco Evolved Programmable Network (EPN) Manager, avoid using the vulnerable web-based management interface until the issue is resolved. As a temporary workaround, consider disabling the upload of documents to the affected application until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Prime Infrastructure (affected versions not specified) Cisco Evolved Programmable Network Manager (EPNM) (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This is due to improper validation of user-submitted parameters. An attacker could exploit this by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information stored in the underlying database. **Recommendations** For Cisco Prime Infrastructure, update to a version that includes the fix for this issue. For Cisco Evolved Programmable Network Manager (EPNM), update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using user-submitted parameters in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.