CVE-2019-1823

HIGH

Cisco Prime Infrastructure/EPN Manager - RCE

Title source: llm
STIX 2.1

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108339

Scores

CVSS v3 8.8
EPSS 0.0442
EPSS Percentile 90.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-20
Status published
Products (3)
cisco/evolved_programmable_network_manager < 3.0.1
cisco/network_level_service 3.0\(0.0.83b\)
cisco/prime_infrastructure < 3.4.1
Published May 16, 2019
Tracked Since Feb 18, 2026