CVE-2016-1291

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICAL

EPSS

2.3%

top 15.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure SUN Opensolaris

Timeline

PublishedApr 6

Latest updateMay 14

Description

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDcisco/evolved_programmable_network_manager1.2.0

▶NVDcisco/prime_infrastructure12 versions+11

▶NVDsun/opensolarissnv_124

🔴Vulnerability Details

GHSA

GHSA-mc9x-v9ph-cjgq: Cisco Prime Infrastructure 1↗2022-05-14

▶

CVEList

CVE-2016-1291: Cisco Prime Infrastructure 1↗2016-04-06

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability↗2016-04-06

▶