CVE-2019-1822

EPSS 2.95%
Veröffentlicht 16.05.2019 01:29:00
Zuletzt bearbeitet 21.11.2024 04:37:28
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Evolved Programmable Network Manager Version < 3.0.1

Cisco ≫ Prime Infrastructure Version < 3.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.95%	0.859

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
psirt@cisco.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/108339

Third Party Advisory

Broken Link

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1822

EUVD