What is the severity of CVE-2016-1390?

CVE-2016-1390 is classified as having a high severity due to the potential for local users to gain root access.

How do I fix CVE-2016-1390?

To fix CVE-2016-1390, update to the appropriate patched version of Cisco Prime Network Analysis Module or Prime Virtual Network Analysis Module as specified by the vendor.

Which versions are affected by CVE-2016-1390?

CVE-2016-1390 affects Cisco Prime Network Analysis Module versions from 5.0.0 up to but not including 6.1(1) patch.6.1-2-final and also versions of Prime Virtual Network Analysis Module prior to 6.1(1) patch.6.1-2-final.

What does CVE-2016-1390 exploit?

CVE-2016-1390 exploits a vulnerability that allows local users to obtain root access through crafted command-line interface (CLI) input.

Is network security at risk due to CVE-2016-1390?

Yes, CVE-2016-1390 poses a significant risk to network security as it can allow unauthorized access and control over the affected systems.

Vulnerability/
CVE-2016-1390

high

7.8

CWE

4/6/2016

5/8/2024

CVE-2016-1390: Input Validation

First published: Sat Jun 04 2016(Updated: )

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Prime Virtual Network Analysis Module Software	=5.0.0
Cisco Prime Virtual Network Analysis Module Software	=5.0.1
Cisco Prime Virtual Network Analysis Module Software	=5.0.2
Cisco Prime Virtual Network Analysis Module Software	=5.1.0
Cisco Prime Virtual Network Analysis Module Software	=5.1.2
Cisco Prime Virtual Network Analysis Module Software	=6.0.2
Cisco Prime Virtual Network Analysis Module Software	=6.1.0
Cisco Prime Virtual Network Analysis Module Software	=6.1.1
Cisco Prime Virtual Network Analysis Module Software	=6.2.0
Cisco Prime Virtual Network Analysis Module Software	=6.0.0
Cisco Prime Virtual Network Analysis Module Software	=6.1.0
Cisco Prime Virtual Network Analysis Module Software	=6.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-1390?
CVE-2016-1390 is classified as having a high severity due to the potential for local users to gain root access.
How do I fix CVE-2016-1390?
To fix CVE-2016-1390, update to the appropriate patched version of Cisco Prime Network Analysis Module or Prime Virtual Network Analysis Module as specified by the vendor.
Which versions are affected by CVE-2016-1390?
CVE-2016-1390 affects Cisco Prime Network Analysis Module versions from 5.0.0 up to but not including 6.1(1) patch.6.1-2-final and also versions of Prime Virtual Network Analysis Module prior to 6.1(1) patch.6.1-2-final.
What does CVE-2016-1390 exploit?
CVE-2016-1390 exploits a vulnerability that allows local users to obtain root access through crafted command-line interface (CLI) input.
Is network security at risk due to CVE-2016-1390?
Yes, CVE-2016-1390 poses a significant risk to network security as it can allow unauthorized access and control over the affected systems.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco prime virtual network analysis module software
version/cisco prime virtual network analysis module software/5.0.0
version/cisco prime virtual network analysis module software/5.0.1
version/cisco prime virtual network analysis module software/5.0.2
version/cisco prime virtual network analysis module software/5.1.0
version/cisco prime virtual network analysis module software/5.1.2
version/cisco prime virtual network analysis module software/6.0.2
version/cisco prime virtual network analysis module software/6.1.0
version/cisco prime virtual network analysis module software/6.1.1
version/cisco prime virtual network analysis module software/6.2.0
version/cisco prime virtual network analysis module software/6.0.0