CyberSec.Space Logo
Back to CVE Browser

CVE-2016-1289

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile27.69th
PublishedJul 2, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.

Affected Platforms (CPE)

πŸ“¦
Cisco

Prime Infrastructure

= 1.2
πŸ“¦
Cisco

Prime Infrastructure

= 1.2.0.103
πŸ“¦
Cisco

Prime Infrastructure

= 1.2.1
πŸ“¦
Cisco

Prime Infrastructure

= 1.3
πŸ“¦
Cisco

Prime Infrastructure

= 1.3.0.20
πŸ“¦
Cisco

Prime Infrastructure

= 1.4
πŸ“¦
Cisco

Prime Infrastructure

= 1.4.0.45
πŸ“¦
Cisco

Prime Infrastructure

= 1.4.1
πŸ“¦
Cisco

Prime Infrastructure

= 1.4.2
πŸ“¦
Cisco

Prime Infrastructure

= 2.0
πŸ“¦
Cisco

Prime Infrastructure

= 2.1.0
πŸ“¦
Cisco

Prime Infrastructure

= 2.2
πŸ“¦
Cisco

Prime Infrastructure

= 2.2\(2\)
πŸ“¦
Cisco

Evolved Programmable Network Manager

= 1.2.0

References & Advisories

πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass
πŸ”— http://www.securityfocus.com/bid/91504
πŸ”— http://www.securitytracker.com/id/1036195
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass
πŸ”— http://www.securityfocus.com/bid/91504
πŸ”— http://www.securitytracker.com/id/1036195

Related Vulnerabilities

CVE-2018-02589.8

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload a...

CVE-2019-159589.8

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could all...

CVE-2016-12919.8

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers t...

CVE-2018-153799.8

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allo...