Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

cisco-sa-20191106-pi-epn-codex · Critical · Published · Updated

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability exists because affected devices with the High Availability (HA) feature enabled do not properly perform input validation. An attacker could exploit this vulnerability by uploading a malicious file to either the HA active or standby device. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2019-15958
Cisco Bug IDs: CSCvp79419, CSCvp79611
CVSS Score: Base 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco Prime Infrastructure, Cisco Evolved Programmable Network Manager (EPNM)

Related Products

Product | CVE | Evidence
Cisco Prime Infrastructure | CVE-2019-15958 | Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) | CVE-2019-15958 | Cisco OpenVuln