CVE-2019-1823

EPSS 2.04%
Published 16.05.2019 01:29:00
Last modified 21.11.2024 04:37:28
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Evolved Programmable Network Manager Version < 3.0.1

Cisco ≫ Network Level Service Version3.0(0.0.83b)

Cisco ≫ Prime Infrastructure Version < 3.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.04%	0.831

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
psirt@cisco.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/108339

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1823

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1823

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1823

EUVD