A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote malicious user to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the malicious user to execute code with root-level privileges on the underlying operating system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco prime infrastructure |
||
cisco evolved programmable network manager |
||
cisco network level service 3.0\\(0.0.83b\\) |
Do the thing ASAP, you know how it works by now
Among a bumper crop of 57 security issues Cisco divulged on Wednesday was a fix for a trio of vulns, one critical, in networks management tool Prime Infrastructure. The latter potentially allows unauthenticated miscreants to execute arbitrary code with root privileges on PI devices. CVE-2019-1821 "can be exploited by an unauthenticated attacker that has network access to the affected [web] administrative interface," Cisco said in an advisory. Two other related vulns, consecutively numbered CVE-2...