cbcvebase.
CVE-2016-1388
published 2016-06-03

CVE-2016-1388: Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before…

PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.66%
73.8th percentile
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.

Affected

13 ranges
VendorProductVersion rangeFixed in
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_software
ciscoprime_network_analysis_module_unauthenticated
ciscoprime_virtual_network_analysis_module_software
ciscoprime_virtual_network_analysis_module_software
ciscoprime_virtual_network_analysis_module_software

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector is a crafted HTTP request to the web interface of Cisco Prime NAM/vNAM; monitor for anomalous or malformed HTTP requests targeting the device's web interface that may contain OS command injection payloads
  • The vulnerability allows unauthenticated remote code execution; alert on unexpected OS command execution or child processes spawned by the web server process on Cisco Prime NAM/vNAM devices
  • Root cause is unsanitized user input passed to an external OS command from the web interface; inspect HTTP request parameters for shell metacharacters or command injection sequences targeting Cisco Prime NAM web endpoints
  • ·Affected versions: Cisco Prime NAM before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1); Prime vNAM before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1). Ensure patched versions are deployed.
  • ·No workarounds are available for this vulnerability; patching is the only mitigation.
  • ·Exploitation does not require authentication; the attacker can be fully unauthenticated, making network-level access controls critical as a compensating control.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.