Cisco Prime Infrastructure Administrative Web Interface HTML Injection Vulnerability

cisco-sa-20160706-pi · Medium · Published 9 years ago · Updated 9 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

A vulnerability in the administrative web interface of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the system. The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by inserting crafting input into the affected fields of the web interface. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-pi

Cisco advisory ·CSAF JSON

Workarounds

Workarounds are not available.

CVEs	CVE-2016-1442
Cisco Bug IDs	CSCuy96280
CVSS Score	Base 4.0 Base 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N/E:F/RL:U/RC:C

Products with public affected evidence

Product	CVE	Affected evidence
Cisco Prime Infrastructure	CVE-2016-1442	structured affected CSAF product_status