CVE-2019-1823 — Improper Input Validation in Cisco Evolved Programmable Network Manager

CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.2HIGHNVD

CNA8.8

EPSS

1.5%

top 18.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure Cisco Prime Infrastructure +1 more

Timeline

PublishedMay 16

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶NVDcisco/evolved_programmable_network_manager< 3.0.1

▶NVDcisco/network_level_service3.0\(0.0.83b\)

▶NVDcisco/prime_infrastructure< 3.4.1

▶CVEListV5cisco/cisco_prime_infrastructure3.4

🔴Vulnerability Details

GHSA

GHSA-wv6g-qwmr-mc4x: A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could al↗2022-05-24

▶

CVEList

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities↗2019-05-16

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities↗2019-05-15

▶

💬Community

Bugzilla

CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)↗2019-06-21

▶