CVE-2016-1390
published 2016-06-04CVE-2016-1390: Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before…
PriorityP337high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.35%
26.9th percentile
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | prime_network_analysis_module_local | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_network_analysis_module_software | — | — |
| cisco | prime_virtual_network_analysis_module_software | — | — |
| cisco | prime_virtual_network_analysis_module_software | — | — |
| cisco | prime_virtual_network_analysis_module_software | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Prime Network Analysis Module Local Command Injection Vulnerability
vendor_cisco·2016-06-01·CVSS 6.8
CVE-2016-1390 [MEDIUM] CWE-20 Cisco Prime Network Analysis Module Local Command Injection Vulnerability
Cisco Prime Network Analysis Module Local Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco Prime Network Analysis Module (NAM) and Cisco Prime Virtual Network Analysis Module (vNAM) could allow a local, authenticated attacker to execute arbitrary commands on the host operating system with elevated privileges.
The vulnerability is due to insufficient sanitization of user-supplied input that is passed to a specific command before the input is used in subsequent operations. An attacker could exploit this vulnerability by submitting crafted input to the command. A successful exploit could allow the attacker to execute arbitrary commands on the host operating system with root privileges.
Cisco has released software updates that address this vulnera
Cisco
Cisco Prime Network Analysis Module Local Command Injection Vulnerability
vendor_cisco
CVE-2016-1390 Cisco Prime Network Analysis Module Local Command Injection Vulnerability
CVE-2016-1390: Cisco Prime Network Analysis Module Local Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco Prime Network Analysis Module (NAM) and Cisco Prime Virtual Network Analysis Module (vNAM) could allow a local, authenticated attacker to execute arbitrary commands on the host operating system with elevated privileges. The vulnerability is due to insufficient sanitization of user-supplied input that is passed to a specific command before the input is used in subsequent operations. An attacker could exploit this vulnerability by submitting crafted input to the command. A successful exploit could allow the attacker to execute arbitrary commands on the host operating system with root privileges. Cisco has released software updates that address
GHSA
GHSA-vcpr-g527-vqvc: Cisco Prime Network Analysis Module (NAM) before 6
ghsa_unreviewed·2022-05-17
CVE-2016-1390 [HIGH] CWE-20 GHSA-vcpr-g527-vqvc: Cisco Prime Network Analysis Module (NAM) before 6
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-06-04
Published