The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCisco Evolved Programmable Network Manager
APPCisco1.2.0Cisco Prime Infrastructure
APPCisco1.21.2.0.1031.2.11.31.3.0.201.41.4.0.451.4.11.4.22.02.1.02.22.2\(2\)
Related vulnerabilities
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Mana...
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory pe...
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote ...
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allo...
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) cou...