CVE-2016-1291: Input Validation
First published: Wed Apr 06 2016(Updated: )
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Evolved Programmable Network Manager | =1.2.0 | |
| Cisco Prime Infrastructure | =1.2 | |
| Cisco Prime Infrastructure | =1.2.0.103 | |
| Cisco Prime Infrastructure | =1.2.1 | |
| Cisco Prime Infrastructure | =1.3 | |
| Cisco Prime Infrastructure | =1.3.0.20 | |
| Cisco Prime Infrastructure | =1.4 | |
| Cisco Prime Infrastructure | =1.4.0.45 | |
| Cisco Prime Infrastructure | =1.4.1 | |
| Cisco Prime Infrastructure | =1.4.2 | |
| Cisco Prime Infrastructure | =2.0 | |
| Cisco Prime Infrastructure | =2.1.0 | |
| Cisco Prime Infrastructure | =2.2 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =snv_124 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1291?
CVE-2016-1291 has a critical severity rating due to the potential for remote code execution.
How do I fix CVE-2016-1291?
To fix CVE-2016-1291, it is recommended to upgrade to a patched version of Cisco Prime Infrastructure or Cisco Evolved Programmable Network Manager.
Which versions are affected by CVE-2016-1291?
CVE-2016-1291 affects Cisco Prime Infrastructure version 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager version 1.2.
Can CVE-2016-1291 be exploited remotely?
Yes, CVE-2016-1291 can be exploited remotely by attackers through crafted HTTP POST requests.
What types of attacks can CVE-2016-1291 allow?
CVE-2016-1291 allows attackers to execute arbitrary code on the vulnerable systems.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco evolved programmable network manager
- version/cisco evolved programmable network manager/1.2.0
- canonical/cisco prime infrastructure
- version/cisco prime infrastructure/1.2
- version/cisco prime infrastructure/1.2.0.103
- version/cisco prime infrastructure/1.2.1
- version/cisco prime infrastructure/1.3
- version/cisco prime infrastructure/1.3.0.20
- version/cisco prime infrastructure/1.4
- version/cisco prime infrastructure/1.4.0.45
- version/cisco prime infrastructure/1.4.1
- version/cisco prime infrastructure/1.4.2
- version/cisco prime infrastructure/2.0
- version/cisco prime infrastructure/2.1.0
- version/cisco prime infrastructure/2.2
- vendor/sun
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/snv_124