CVE-2019-1821

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

CVSS 8.8 HIGHEPSS 98.1%CWE-20

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Cisco · Cisco Prime Infrastructure

public PoCs found — 4

githubgithub.com/k8gege/CiscoExploit★ 143 cve_referencepacketstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.htmlunverified exploitdbwww.exploit-db.com/exploits/47016unverified exploitdbwww.exploit-db.com/exploits/47686unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce http://www.securityfocus.com/bid/108339