CVE-2019-1819

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions (affected versions not specified) Cisco Evolved Programmable Network (EPN) Manager versions (affected versions not specified)

Description The issue is related to errors in processing HTTP requests in the web-based management interface. It could allow a remote attacker to gain access to restricted information by sending a specially crafted HTTP request. The vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames, allowing an attacker to use directory traversal techniques to access restricted files.

Recommendations For Cisco Prime Infrastructure, consider restricting access to the web-based management interface until a fix is available. For Cisco Evolved Programmable Network (EPN) Manager, avoid using user-supplied input in HTTP request parameters that describe filenames until the issue is resolved. As a temporary workaround, consider disabling directory traversal techniques in the web-based management interface of both products until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.