Description
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035497
Third Party Advisory, VDB Entry x_refsource_misc
https://blogs.securiteam.com/index.php/archives/2727
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode
Scores
CVSS v3
9.8
EPSS
0.0232
EPSS Percentile
85.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (14)
cisco/evolved_programmable_network_manager
1.2.0
cisco/prime_infrastructure
1.2
cisco/prime_infrastructure
1.2.0.103
cisco/prime_infrastructure
1.2.1
cisco/prime_infrastructure
1.3
cisco/prime_infrastructure
1.3.0.20
cisco/prime_infrastructure
1.4
cisco/prime_infrastructure
1.4.0.45
cisco/prime_infrastructure
1.4.1
cisco/prime_infrastructure
1.4.2
... and 4 more
Published
Apr 06, 2016
Tracked Since
Feb 18, 2026