CVE-2019-1821

HIGH EXPLOITED NUCLEI

Cisco Prime Infrastructure/EPN Manager - RCE

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/47016
exploitdb WORKING POC VERIFIED
by mr_me · pythonremotelinux
https://www.exploit-db.com/exploits/47686
nomisec WORKING POC 142 stars
by k8gege · remote
https://github.com/k8gege/CiscoExploit
gitlab WORKING POC
by FiveO · poc
https://gitlab.com/FiveO/CiscoExploit
metasploit WORKING POC EXCELLENT
by Steven Seeley, sinn3r · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cpi_tararchive_upload.rb

Nuclei Templates (1)

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution
CRITICALby _0xf4n9x_
Shodan: http.title:"prime infrastructure"
FOFA: title="prime infrastructure"

References (3)

Scores

CVSS v3 8.8
EPSS 0.9404
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-15
CWE
CWE-20
Status published
Products (3)
cisco/evolved_programmable_network_manager < 3.0.1
cisco/network_level_service 3.0\(0.0.83b\)
cisco/prime_infrastructure < 3.4.1
Published May 16, 2019
Tracked Since Feb 18, 2026