CVE-2016-1291

CRITICAL

Cisco Prime Infrastructure <2.2 - Code Injection

Title source: llm

Description

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

References (3)

Scores

CVSS v3 9.8
EPSS 0.0232
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-20
Status draft

Affected Products (14)

cisco/evolved_programmable_network_manager
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
cisco/prime_infrastructure
sun/opensolaris

Timeline

Published Apr 06, 2016
Tracked Since Feb 18, 2026