Lucene search

[email protected]CVE-2016-1408

HistoryJul 02, 2016 - 2:59 p.m.

CVE-2016-1408

2016-07-0214:59:07

CWE-20

[email protected]

web.nvd.nist.gov

cisco

prime infrastructure

epnm

arbitrary command execution

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.0%

JSON

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

Affected configurations

NVD

Node

ciscoprime_infrastructureMatch1.2

ciscoprime_infrastructureMatch1.2.0.103

ciscoprime_infrastructureMatch1.2.1

ciscoprime_infrastructureMatch1.3

ciscoprime_infrastructureMatch1.3.0.20

ciscoprime_infrastructureMatch1.4

ciscoprime_infrastructureMatch1.4.0.45

ciscoprime_infrastructureMatch1.4.1

ciscoprime_infrastructureMatch1.4.2

ciscoprime_infrastructureMatch2.0

ciscoprime_infrastructureMatch2.1.0

ciscoprime_infrastructureMatch2.2

ciscoprime_infrastructureMatch2.2\(2\)

ciscoprime_infrastructureMatch3.0

ciscoprime_infrastructureMatch3.1

Node

ciscoevolved_programmable_network_managerMatch1.2.0

ciscoevolved_programmable_network_managerMatch1.2.1.3

ciscoevolved_programmable_network_managerMatch1.2.200

ciscoevolved_programmable_network_managerMatch1.2.300

ciscoevolved_programmable_network_managerMatch1.2.400

ciscoevolved_programmable_network_managerMatch1.2.500

CPENameOperatorVersion
cisco:prime_infrastructurecisco prime infrastructureeq1.2
cisco:prime_infrastructurecisco prime infrastructureeq1.2.0.103
cisco:prime_infrastructurecisco prime infrastructureeq1.2.1
cisco:prime_infrastructurecisco prime infrastructureeq1.3
cisco:prime_infrastructurecisco prime infrastructureeq1.3.0.20
cisco:prime_infrastructurecisco prime infrastructureeq1.4
cisco:prime_infrastructurecisco prime infrastructureeq1.4.0.45
cisco:prime_infrastructurecisco prime infrastructureeq1.4.1
cisco:prime_infrastructurecisco prime infrastructureeq1.4.2
cisco:prime_infrastructurecisco prime infrastructureeq2.0

CPE	Name	Operator	Version
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.2
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.2.0.103
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.2.1
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.3
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.3.0.20
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.4
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.4.0.45
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.4.1
cisco:prime_infrastructure	cisco prime infrastructure	eq	1.4.2
cisco:prime_infrastructure	cisco prime infrastructure	eq	2.0

Rows per page:

1-10 of 151

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm

www.securityfocus.com/bid/91506

www.securitytracker.com/id/1036197

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.0%

JSON

Related for CVE-2016-1408

openvas1 cvelist1 nvd1 prion1 cisco1