A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCisco Evolved Programmable Network Manager
APPCisco< 3.0.1Cisco Network Level Service
APPCisco3.0\(0.0.83b\)Cisco Prime Infrastructure
APPCisco< 3.4.1
Related vulnerabilities
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Mana...
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IN...
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory pe...
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote ...
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allo...