CVE-2019-1821
published 2019-05-16CVE-2019-1821: A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_prime_infrastructure | — | — |
| cisco | evolved_programmable_network_manager | < 3.0.1 | 3.0.1 |
| cisco | network_level_service | — | — |
| cisco | prime_infrastructure | < 3.4.1 | 3.4.1 |
| cisco | prime_infrastructure_and_evolved_programmable_network_manager | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH