// For flags

CVE-2019-1821

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.

Una vulnerabilidad enweb-based management interface de Cisco Prime Infrastructure (PI) y Cisco Evolved Programmable Network (EPN) Manager podría permitir que un atacante remoto autenticado ejecute código con privilegios de nivel raíz en el sistema operativo subyacente. Esta vulnerabilidad existe porque el programa valida incorrectamente la entrada proporcionada por el usuario. Un atacante podría aprovechar esta vulnerabilidad al cargar un archivo malicioso en la interfaz web administrativa. Un aprovechamiento exitoso podría permitir al atacante ejecutar código con privilegios de nivel raíz en el sistema operativo subyacente.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-05-15 First Exploit
  • 2019-05-16 CVE Published
  • 2024-05-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Evolved Programmable Network Manager
Search vendor "Cisco" for product "Evolved Programmable Network Manager"
 < 3.0.1
Search vendor "Cisco" for product "Evolved Programmable Network Manager" and version " < 3.0.1"
-
Affected
Cisco
Search vendor "Cisco"
 Network Level Service
Search vendor "Cisco" for product "Network Level Service"
 3.0\(0.0.83b\)
Search vendor "Cisco" for product "Network Level Service" and version "3.0\(0.0.83b\)"
-
Affected
Cisco
Search vendor "Cisco"
 Prime Infrastructure
Search vendor "Cisco" for product "Prime Infrastructure"
 < 3.4.1
Search vendor "Cisco" for product "Prime Infrastructure" and version " < 3.4.1"
-
Affected