CVE-2016-1291
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
Known Affected Software
14 configuration(s) from 2 vendor(s)
prime_infrastructure
Version:
1.3.0.20
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.2.0.103
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.3
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*
prime_infrastructure
Version:
2.1.0
CPE:
cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.2
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*
evolved_programmable_network_manager
Version:
1.2.0
CPE:
cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.4.2
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.2.1
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*
prime_infrastructure
Version:
2.0
CPE:
cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.4.0.45
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.4
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*
prime_infrastructure
Version:
2.2
CPE:
cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.4.1
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*
opensolaris
Version:
snv_124
CPE:
cpe:2.3:o:sun:opensolaris:snv_124:*:*:*:*:*:*:*
This vulnerability affects 14 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcodepsirt@cisco.com Vendor Advisory
-
http://www.securitytracker.com/id/1035497psirt@cisco.com
-
https://blogs.securiteam.com/index.php/archives/2727psirt@cisco.com Third Party Advisory VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcodeaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://www.securitytracker.com/id/1035497af854a3a-2127-422b-91ae-364da2661108
-
https://blogs.securiteam.com/index.php/archives/2727af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- April 06, 2016
