CVE-2016-1291

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

Published: Apr 7, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1291
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / prime_infrastructure	1.4.2	1.4.2.x
cisco / prime_infrastructure	2.2	2.2.x
cisco / prime_infrastructure	1.2.1	1.2.1.x
cisco / prime_infrastructure	2.1.0	2.1.0.x
sun / opensolaris	snv_124	snv_124.x
cisco / evolved_programmable_network_manager	1.2.0	1.2.0.x
cisco / prime_infrastructure	1.3.0.20	1.3.0.20.x
cisco / prime_infrastructure	1.2.0.103	1.2.0.103.x
cisco / prime_infrastructure	1.4.0.45	1.4.0.45.x
cisco / prime_infrastructure	1.4.1	1.4.1.x
cisco / prime_infrastructure	1.2	1.2.x
cisco / prime_infrastructure	1.3	1.3.x
cisco / prime_infrastructure	1.4	1.4.x
cisco / prime_infrastructure	2.0	2.0.x

Vulnerability Database

289,599

CVE-2016-1291