CRITICAL✓ PATCH🇬🇧 English

CVE-2016-1289

CVSS 9.8v3.0pub. 2016-07-02upd. 2026-05-06

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Evolved Programmable Network Manager

    APP
    Cisco
    1.2.0
  • Cisco Prime Infrastructure

    APP
    Cisco
    1.21.2.0.1031.2.11.31.3.0.201.41.4.0.451.4.11.4.22.02.1.02.22.2\(2\)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2019-15958CRITICAL9.8ten sam produkt

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Mana...

CVE-2018-15379CRITICAL9.8ten sam produkt

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory pe...

CVE-2018-0258CRITICAL9.8ten sam produkt

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote ...

CVE-2016-1291CRITICAL9.8ten sam produkt

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allo...

CVE-2026-20155HIGH8.0ten sam produkt

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) cou...