CVE-2016-1388
published 2016-06-03CVE-2016-1388: Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before…
PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.66%
73.8th percentile
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_unauthenticated | — | — |
| cisco | prime_virtual_network_analysis_module_software | — | — |
| cisco | prime_virtual_network_analysis_module_software | — | — |
| cisco | prime_virtual_network_analysis_module_software | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector is a crafted HTTP request to the web interface of Cisco Prime NAM/vNAM; monitor for anomalous or malformed HTTP requests targeting the device's web interface that may contain OS command injection payloads ↗
- →The vulnerability allows unauthenticated remote code execution; alert on unexpected OS command execution or child processes spawned by the web server process on Cisco Prime NAM/vNAM devices ↗
- →Root cause is unsanitized user input passed to an external OS command from the web interface; inspect HTTP request parameters for shell metacharacters or command injection sequences targeting Cisco Prime NAM web endpoints ↗
- ·Affected versions: Cisco Prime NAM before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1); Prime vNAM before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1). Ensure patched versions are deployed. ↗
- ·No workarounds are available for this vulnerability; patching is the only mitigation. ↗
- ·Exploitation does not require authentication; the attacker can be fully unauthenticated, making network-level access controls critical as a compensating control. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6r2x-9rmj-px47: Cisco Prime Network Analysis Module (NAM) before 6
ghsa_unreviewed·2022-05-17
CVE-2016-1388 [CRITICAL] CWE-77 GHSA-6r2x-9rmj-px47: Cisco Prime Network Analysis Module (NAM) before 6
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.
Cisco
Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
vendor_cisco·2016-06-01·CVSS 7.5
CVE-2016-1388 [HIGH] CWE-20 Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server.
The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server.
Cisco has released software updates that address this vulne
Cisco
Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
vendor_cisco
CVE-2016-1388 Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
CVE-2016-1388: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server. Cisco has released software updates that addres
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-06-03
Published