CVE-2016-1289

CWE-119Buffer Overflow5 documents5 sources
Severity
9.8CRITICAL
EPSS
2.7%
top 14.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Evolved Programmable Network ManagerCisco Prime Infrastructure
Timeline
PublishedJul 2
Latest updateMay 14

Description

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDcisco/prime_infrastructure13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-g76g-q3mj-m73g: The API in Cisco Prime Infrastructure 12022-05-14
CVEList
CVE-2016-1289: The API in Cisco Prime Infrastructure 12016-07-02

📋Vendor Advisories

2
Red Hat
openjpeg2: Multiple security issues2016-10-27
Cisco
Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability2016-06-29
CVE-2016-1289 (CRITICAL CVSS 9.8) | The API in Cisco Prime Infrastructu | cvebase.io