PT-2016-1646 · Cisco · Cisco Evolved Programmable Network Manager+1

Published

2016-04-06

Updated

2019-07-29

CVE-2016-1291

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Evolved Programmable Network Manager versions 1.2 Cisco Prime Infrastructure versions 1.2.0 through 2.2(2)

Description The issue exists due to insufficient input validation, allowing a remote attacker to execute arbitrary code by sending a specially crafted HTTP POST request with deserialized data.

Recommendations For Cisco Evolved Programmable Network Manager version 1.2, update to a version that addresses the issue. For Cisco Prime Infrastructure versions 1.2.0 through 2.2(2), update to a version that addresses the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2016-00958

CVE-2016-1291

Affected Products

Cisco Evolved Programmable Network Manager

Cisco Prime Infrastructure

PT-2016-1646 · Cisco · Cisco Evolved Programmable Network Manager+1

CVE-2016-1291

Weakness Enumeration

Related Identifiers

Affected Products

References · 6