The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
2016-07-02T14:59:06.100
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | prime_infrastructure | 1.2 | Yes |
| Application | cisco | prime_infrastructure | 1.2.0.103 | Yes |
| Application | cisco | prime_infrastructure | 1.2.1 | Yes |
| Application | cisco | prime_infrastructure | 1.3 | Yes |
| Application | cisco | prime_infrastructure | 1.3.0.20 | Yes |
| Application | cisco | prime_infrastructure | 1.4 | Yes |
| Application | cisco | prime_infrastructure | 1.4.0.45 | Yes |
| Application | cisco | prime_infrastructure | 1.4.1 | Yes |
| Application | cisco | prime_infrastructure | 1.4.2 | Yes |
| Application | cisco | prime_infrastructure | 2.0 | Yes |
| Application | cisco | prime_infrastructure | 2.1.0 | Yes |
| Application | cisco | prime_infrastructure | 2.2 | Yes |
| Application | cisco | prime_infrastructure | 2.2\(2\) | Yes |
| Application | cisco | evolved_programmable_network_manager | 1.2.0 | Yes |