CVE-2019-1822Improper Input Validation in Cisco Evolved Programmable Network Manager

CWE-20Improper Input Validation4 documents4 sources
Severity
7.2HIGHNVD
EPSS
2.2%
top 15.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Evolved Programmable Network ManagerCisco Prime InfrastructureCisco Prime Infrastructure
Timeline
PublishedMay 16
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-pv8m-g3qq-m46q: A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could al2022-05-24
CVEList
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities2019-05-16

📋Vendor Advisories

1
Cisco
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities2019-05-15
CVE-2019-1822 — Improper Input Validation in Cisco | cvebase