CVE-2016-1408

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGH

EPSS

0.4%

top 42.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure

Timeline

PublishedJul 2

Latest updateMay 14

Description

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/evolved_programmable_network_manager6 versions+5

▶NVDcisco/prime_infrastructure15 versions+14

🔴Vulnerability Details

GHSA

GHSA-hcfc-q3x9-gc6f: Cisco Prime Infrastructure 1↗2022-05-14

▶

CVEList

CVE-2016-1408: Cisco Prime Infrastructure 1↗2016-07-02

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability↗2016-06-29

▶