CVE-2016-1408

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

Published: Jul 2, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-1408
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / prime_infrastructure	1.4.2	1.4.2.x
cisco / prime_infrastructure	2.2	2.2.x
cisco / prime_infrastructure	1.2.1	1.2.1.x
cisco / prime_infrastructure	2.1.0	2.1.0.x
cisco / prime_infrastructure	1.3.0.20	1.3.0.20.x
cisco / prime_infrastructure	1.2.0.103	1.2.0.103.x
cisco / prime_infrastructure	2.2(2)	2.2(2).x
cisco / prime_infrastructure	1.4.0.45	1.4.0.45.x
cisco / prime_infrastructure	1.4.1	1.4.1.x
cisco / prime_infrastructure	1.2	1.2.x
cisco / prime_infrastructure	1.3	1.3.x
cisco / prime_infrastructure	1.4	1.4.x
cisco / prime_infrastructure	3.0	3.0.x
cisco / prime_infrastructure	3.1	3.1.x
cisco / prime_infrastructure	2.0	2.0.x
cisco / evolved_programmable_network_manager	1.2.1.3	1.2.1.3.x
cisco / evolved_programmable_network_manager	1.2.500	1.2.500.x
cisco / evolved_programmable_network_manager	1.2.0	1.2.0.x
cisco / evolved_programmable_network_manager	1.2.300	1.2.300.x
cisco / evolved_programmable_network_manager	1.2.200	1.2.200.x
cisco / evolved_programmable_network_manager	1.2.400	1.2.400.x

Vulnerability Database

313,825

CVE-2016-1408

Deep Security Visibility Without the Complexity