CVE-2016-1289
published 2016-07-02CVE-2016-1289: The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or…
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
6.15%
92.6th percentile
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | evolved_programmable_network_manager | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure_and_evolved_programmable_network_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit targets unauthenticated URIs in the Cisco Prime Infrastructure / EPNM API via crafted HTTP requests — monitor for unexpected or unauthenticated access to API endpoints on these platforms ↗
- →Successful exploitation may result in malicious code upload to the application server — alert on unexpected file writes or deployments on Cisco Prime Infrastructure or EPNM application servers ↗
- →Exploitation can expose managed-device credentials — investigate any anomalous outbound data exfiltration or credential harvesting activity from Prime Infrastructure or EPNM hosts ↗
- ·Affects Cisco Prime Infrastructure versions 1.2 through 3.0 and EPNM version 1.2; scope detection rules to these specific product versions ↗
- ·No workarounds exist for this vulnerability; patching is the only remediation — unpatched systems remain fully exposed to unauthenticated API exploitation ↗
- ·Multiple Cisco Bug IDs are associated with this advisory (CSCuv56851, CSCuy10231, CSCuz01475); ensure all are tracked when cross-referencing patch status ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
openjpeg2: Multiple security issues
vendor_redhat·2016-10-27·CVSS 6.5
CVE-2016-9117 [MEDIUM] openjpeg2: Multiple security issues
openjpeg2: Multiple security issues
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Package: openjpeg (Red Hat Enterprise Linux 6) - Not affected
Package: openjpeg (Red Hat Enterprise Linux 7) - Not affected
Cisco
Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
vendor_cisco·2016-06-29·CVSS 10.0
CVE-2016-1289 [CRITICAL] CWE-119 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources.
The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM.
Cisco has release
Cisco
Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
vendor_cisco
CVE-2016-1289 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
CVE-2016-1289: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources. The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM. Cisco
GHSA
GHSA-g76g-q3mj-m73g: The API in Cisco Prime Infrastructure 1
ghsa_unreviewed·2022-05-14
CVE-2016-1289 [CRITICAL] CWE-119 GHSA-g76g-q3mj-m73g: The API in Cisco Prime Infrastructure 1
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypasshttp://www.securityfocus.com/bid/91504http://www.securitytracker.com/id/1036195http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypasshttp://www.securityfocus.com/bid/91504http://www.securitytracker.com/id/1036195
2016-07-02
Published