CVE-2016-1408

HIGH

Cisco Prime Infrastructure <3.1 - Authenticated RCE

Title source: llm
STIX 2.1

Description

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036197
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91506

Scores

CVSS v3 8.8
EPSS 0.0249
EPSS Percentile 82.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (21)
cisco/evolved_programmable_network_manager 1.2.0
cisco/evolved_programmable_network_manager 1.2.1.3
cisco/evolved_programmable_network_manager 1.2.200
cisco/evolved_programmable_network_manager 1.2.300
cisco/evolved_programmable_network_manager 1.2.400
cisco/evolved_programmable_network_manager 1.2.500
cisco/prime_infrastructure 1.2
cisco/prime_infrastructure 1.2.0.103
cisco/prime_infrastructure 1.2.1
cisco/prime_infrastructure 1.3
... and 11 more
Published Jul 02, 2016
Tracked Since Feb 18, 2026