CVE-2016-1408

high-risk

Published 2016-07-02

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

Do I need to act?

-

0.35% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Evolved Programmable Network Manager

Evolved Programmable Network Manager

Evolved Programmable Network Manager

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Prime Infrastructure

Evolved Programmable Network Manager

Evolved Programmable Network Manager

Affected Vendors

Cisco

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/91506

http://www.securitytracker.com/id/1036197

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/91506

http://www.securitytracker.com/id/1036197

51

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 20/34 · Moderate