CVE-2019-1820

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager (affected versions not specified)

Description The issue is related to errors in processing HTTP requests in the web-based management interface of the affected software. This could allow a remote attacker to gain access to restricted information by sending a specially crafted HTTP request. The vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames, allowing an attacker to use directory traversal techniques to view application files that may contain sensitive information.

Recommendations For Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, consider disabling the ability to download and view files within the application to minimize the risk of exploitation. Avoid using directory traversal techniques in HTTP request parameters to prevent submitting a path to a desired file location until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.