CVE-2016-1291
Published 2016-04-06
CVE-2016-1291: Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via…
Priority: P263 · critical · 9.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.77% (93.2th percentile)
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | evolved_programmable_network_manager | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure | — | — |
| cisco | prime_infrastructure_and_evolved_programmable_network_manager | — | — |
| sun | opensolaris | — | — |
Detection & IOCs
- Exploit vector is an unauthenticated HTTP POST request containing crafted deserialized user data targeting the web interface of Cisco Prime Infrastructure or EPNM
- Successful exploitation results in code execution with root-level privileges; post-exploitation activity from a non-root web process suddenly running as root may indicate compromise
- The attack requires no authentication; monitor for unexpected or unauthenticated HTTP POST requests to the Cisco Prime Infrastructure / EPNM web interface endpoints
- Affected versions are Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco EPNM 1.2; detections should be scoped to these versions
- No workarounds are available; patching is the only mitigation per Cisco
- Two Cisco Bug IDs are associated with this vulnerability: CSCuw03192 and CSCuy10236; use these for vendor patch tracking
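CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 9.3 | CRITICAL | — |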
GHSA
GHSA-mc9x-v9ph-cjgq: Cisco Prime Infrastructure 1
ghsa_unreviewed · 2022-05-14
CVE-2016-1291 [CRITICAL] CWE-20 GHSA-mc9x-v9ph-cjgq: Cisco Prime Infrastructure 1
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
Cisco
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
vendor_cisco · 2016-04-06 · CVSS 9.3
CVE-2016-1291 [CRITICAL] CWE-20 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending an HTTP POST with crafted deserialized user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be used to conduct further attacks.
Cisco has released software updates that address this vulnerability. Workarounds are not available.
This advisory is availabl
Cisco
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
vendor_cisco
CVE-2016-1291 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending an HTTP POST with crafted deserialized user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be used to conduct further attacks. Cisco has released software updates that address this vulnerability.
CWE: CWE-20
Bug IDs: CSCuw03192, CSC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode
- http://www.securitytracker.com/id/1035497
- https://blogs.securiteam.com/index.php/archives/2727
Published: 2016-04-06