CVE-2016-1291

high-risk

Published 2016-04-06

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

Do I need to act?

2.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (14)

Prime Infrastructure

Evolved Programmable Network Manager

Prime Infrastructure

Opensolaris

Affected Vendors

Cisco Sun

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securitytracker.com/id/1035497

Third Party Advisory https://blogs.securiteam.com/index.php/archives/2727

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securitytracker.com/id/1035497

Third Party Advisory https://blogs.securiteam.com/index.php/archives/2727

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 5/34 · Minimal

Exposure 18/34 · Moderate