What is the severity of CVE-2016-1391?

CVE-2016-1391 has been assigned a high severity rating due to the potential for remote command execution by authenticated users.

How do I fix CVE-2016-1391?

To mitigate CVE-2016-1391, upgrade to Cisco Prime Network Analysis Module version 6.1(1) patch.6.1-2-final or later.

Which Cisco products are affected by CVE-2016-1391?

CVE-2016-1391 affects multiple versions of Cisco Prime Network Analysis Module and Prime Virtual Network Analysis Module.

Can CVE-2016-1391 be exploited remotely?

Yes, CVE-2016-1391 can be exploited remotely by authenticated users through crafted HTTP requests.

What types of attacks can CVE-2016-1391 lead to?

CVE-2016-1391 can lead to arbitrary command execution on the underlying operating system.

Vulnerability/
CVE-2016-1391

high

8.8

CWE

4/6/2016

5/8/2024

CVE-2016-1391: Input Validation

First published: Sat Jun 04 2016(Updated: )

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Prime Virtual Network Analysis Module Software	=5.0.0
Cisco Prime Virtual Network Analysis Module Software	=5.0.1
Cisco Prime Virtual Network Analysis Module Software	=5.0.2
Cisco Prime Virtual Network Analysis Module Software	=5.1.0
Cisco Prime Virtual Network Analysis Module Software	=5.1.2
Cisco Prime Virtual Network Analysis Module Software	=6.0.2
Cisco Prime Virtual Network Analysis Module Software	=6.1.0
Cisco Prime Virtual Network Analysis Module Software	=6.1.1
Cisco Prime Virtual Network Analysis Module Software	=6.2.0
Cisco Prime Virtual Network Analysis Module Software	=6.0.0
Cisco Prime Virtual Network Analysis Module Software	=6.1.0
Cisco Prime Virtual Network Analysis Module Software	=6.2.0
Cisco Prime Virtual Network Analysis Module Software	=6.2.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-1391?
CVE-2016-1391 has been assigned a high severity rating due to the potential for remote command execution by authenticated users.
How do I fix CVE-2016-1391?
To mitigate CVE-2016-1391, upgrade to Cisco Prime Network Analysis Module version 6.1(1) patch.6.1-2-final or later.
Which Cisco products are affected by CVE-2016-1391?
CVE-2016-1391 affects multiple versions of Cisco Prime Network Analysis Module and Prime Virtual Network Analysis Module.
Can CVE-2016-1391 be exploited remotely?
Yes, CVE-2016-1391 can be exploited remotely by authenticated users through crafted HTTP requests.
What types of attacks can CVE-2016-1391 lead to?
CVE-2016-1391 can lead to arbitrary command execution on the underlying operating system.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco prime virtual network analysis module software
version/cisco prime virtual network analysis module software/5.0.0
version/cisco prime virtual network analysis module software/5.0.1
version/cisco prime virtual network analysis module software/5.0.2
version/cisco prime virtual network analysis module software/5.1.0
version/cisco prime virtual network analysis module software/5.1.2
version/cisco prime virtual network analysis module software/6.0.2
version/cisco prime virtual network analysis module software/6.1.0
version/cisco prime virtual network analysis module software/6.1.1
version/cisco prime virtual network analysis module software/6.2.0
version/cisco prime virtual network analysis module software/6.0.0
version/cisco prime virtual network analysis module software/6.2.1