CVE-2016-1442 — Improper Input Validation in Cisco Prime Infrastructure

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 28.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Infrastructure

Timeline

PublishedJul 7

Latest updateMay 14

Description

The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/prime_infrastructure3.0, 3.1+1

🔴Vulnerability Details

GHSA

GHSA-4xcw-6wfp-8h2m: The administrative web interface in Cisco Prime Infrastructure (PI) before 3↗2022-05-14

▶

CVEList

CVE-2016-1442: The administrative web interface in Cisco Prime Infrastructure (PI) before 3↗2016-07-07

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure Administrative Web Interface HTML Injection Vulnerability↗2016-07-06

▶