CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1821

HIGH
8.8
CVSS Severity Score
EPSS Score0.1190%
EPSS Percentile29.25th
PublishedMay 16, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.

Affected Platforms (CPE)

πŸ“¦
Cisco

Evolved Programmable Network Manager

< 3.0.1
πŸ“¦
Cisco

Network Level Service

= 3.0\(0.0.83b\)
πŸ“¦
Cisco

Prime Infrastructure

< 3.4.1

References & Advisories

πŸ”— http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html
πŸ”— http://www.securityfocus.com/bid/108339
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
πŸ”— http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html
πŸ”— http://www.securityfocus.com/bid/108339
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce

Related Vulnerabilities

CVE-2016-12919.8

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers t...

CVE-2016-12899.8

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers ...

CVE-2019-159589.8

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could all...

CVE-2021-14878.8

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager...