CVE-2019-1822
published 2019-05-16CVE-2019-1822: A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_prime_infrastructure | — | — |
| cisco | evolved_programmable_network_manager | < 3.0.1 | 3.0.1 |
| cisco | prime_infrastructure | < 3.4.1 | 3.4.1 |
| cisco | prime_infrastructure_and_evolved_programmable_network_manager | — | — |