PT-2019-2661 · Cisco · Cisco Evolved Programmable Network (EPN) Manager +1

Published: 2019-06-19 · Updated: 2020-10-16 · CVE-2019-1906

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Prime Infrastructure versions (affected versions not specified)
Cisco Evolved Programmable Network (EPN) Manager versions (affected versions not specified)

Description

The issue is related to errors in API request validation in the Virtual Domain component of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager. This could allow a remote attacker to modify the virtual domain configuration and potentially elevate privileges. The vulnerability can be exploited by manipulating API requests sent to an affected server.

Recommendations

For Cisco Prime Infrastructure, update to a version that fixes the improper validation of API requests to prevent configuration changes and privilege escalation. For Cisco Evolved Programmable Network (EPN) Manager, update to a version that fixes the improper validation of API requests to prevent configuration changes and privilege escalation. As a temporary workaround, consider restricting access to the Virtual Domain component until a patch is available. Avoid using the vulnerable API endpoints until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-02547
CVE-2019-1906

Affected Products

Cisco Evolved Programmable Network (EPN) Manager
Cisco Prime Infrastructure