CVE-2019-1822

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure (affected versions not specified) Cisco Evolved Programmable Network Manager (affected versions not specified)

Description The issue is related to improper validation of user-supplied input in the web-based management interface, which could allow a remote attacker to execute code with root-level privileges on the underlying operating system. An attacker could exploit this by uploading a malicious file to the administrative web interface.

Recommendations For Cisco Prime Infrastructure, consider disabling the web-based management interface until a patch is available. For Cisco Evolved Programmable Network Manager, restrict access to the administrative web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.