cbcvebase.
CVE-2016-1291
published 2016-04-06

CVE-2016-1291: Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via…

PriorityP263critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
6.77%
93.2th percentile
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

Affected

15 ranges
VendorProductVersion rangeFixed in
ciscoevolved_programmable_network_manager
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure
ciscoprime_infrastructure_and_evolved_programmable_network_manager
sunopensolaris

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector is an unauthenticated HTTP POST request containing crafted deserialized user data targeting the web interface of Cisco Prime Infrastructure or EPNM
  • Successful exploitation results in code execution with root-level privileges; post-exploitation activity from a non-root web process suddenly running as root may indicate compromise
  • The attack requires no authentication; monitor for unexpected or unauthenticated HTTP POST requests to the Cisco Prime Infrastructure / EPNM web interface endpoints
  • ·Affected versions are Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco EPNM 1.2; detections should be scoped to these versions
  • ·No workarounds are available; patching is the only mitigation per Cisco
  • ·Two Cisco Bug IDs are associated with this vulnerability: CSCuw03192 and CSCuy10236; use these for vendor patch tracking

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_cisco9.3CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.