CVE-2014-0679Improper Input Validation in Cisco Prime Infrastructure

CWE-20Improper Input ValidationCWE-78OS Command Injection4 documents4 sources
Severity
9.0CRITICALNVD
EPSS
0.6%
top 30.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Prime Infrastructure
Timeline
PublishedFeb 27
Latest updateMay 14

Description

Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDcisco/prime_infrastructure6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-6xc4-2r77-272c: Cisco Prime Infrastructure 12022-05-14
CVEList
CVE-2014-0679: Cisco Prime Infrastructure 12014-02-27

📋Vendor Advisories

1
Cisco
Cisco Prime Infrastructure Command Execution Vulnerability2014-02-26
CVE-2014-0679 — Improper Input Validation in Cisco | cvebase