CVE-2016-1388

CRITICAL

Cisco Prime Network Analysis Module < 6.1(1) patch.6.1-2-final and 6.2.x < 6.2(1) - Remote Code Execution

Title source: llm

Description

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036013

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime

Scores

CVSS v3 9.8

EPSS 0.0166

EPSS Percentile 73.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (13)

cisco/network_analysis_module

cisco/prime_network_analysis_module_software 5.0.0

cisco/prime_network_analysis_module_software 5.0.1

cisco/prime_network_analysis_module_software 5.0.2

cisco/prime_network_analysis_module_software 5.1.0

cisco/prime_network_analysis_module_software 5.1.2

cisco/prime_network_analysis_module_software 6.0.2

cisco/prime_network_analysis_module_software 6.1.0

cisco/prime_network_analysis_module_software 6.1.1

cisco/prime_network_analysis_module_software 6.2.0

... and 3 more

Published Jun 03, 2016

Tracked Since Feb 18, 2026