CVE-2016-1289
published 2016-07-02

Priority: P262 | critical | 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.15% (92.6th percentile)

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.

Affected

15 ranges
Vendor | Product | Version range | Fixed in
cisco | evolved_programmable_network_manager | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure | |
cisco | prime_infrastructure_and_evolved_programmable_network_manager | |

Detection & IOCs (extracted from sources)

  • Exploit targets unauthenticated URIs in the Cisco Prime Infrastructure / EPNM API via crafted HTTP requests — monitor for unexpected or unauthenticated access to API endpoints on these platforms
  • Successful exploitation may result in malicious code upload to the application server — alert on unexpected file writes or deployments on Cisco Prime Infrastructure or EPNM application servers
  • Exploitation can expose managed-device credentials — investigate any anomalous outbound data exfiltration or credential harvesting activity from Prime Infrastructure or EPNM hosts
  • Affects Cisco Prime Infrastructure versions 1.2 through 3.0 and EPNM version 1.2; scope detection rules to these specific product versions
  • No workarounds exist for this vulnerability; patching is the only remediation — unpatched systems remain fully exposed to unauthenticated API exploitation
  • Multiple Cisco Bug IDs are associated with this advisory (CSCuv56851, CSCuy10231, CSCuz01475); ensure all are tracked when cross-referencing patch status

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco | 10.0 | CRITICAL
vendor_redhat | 6.5 | MEDIUM