CVE-2019-1819

CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUM

EPSS

10.7%

top 6.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure Cisco Cisco Prime Infrastructure

Timeline

PublishedMay 16

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/evolved_programmable_network_manager< 3.0.1

▶NVDcisco/prime_infrastructure< 3.4

▶CVEListV5cisco/cisco_prime_infrastructure3.4

🔴Vulnerability Details

GHSA

GHSA-rxw5-q35g-8ph9: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software coul↗2022-05-24

▶

CVEList

Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability↗2019-05-16

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability↗2019-05-15

▶