First published: Thu May 16 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Evolved Programmable Network Manager | <3.0.1 | |
Cisco Network Level Service | =3.0\(0.0.83b\) | |
Cisco Prime Infrastructure | <3.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-1821.
The severity of CVE-2019-1821 is critical with a CVSS score of 9.8.
The affected software for CVE-2019-1821 includes Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager.
This vulnerability allows an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system.
To fix CVE-2019-1821, it is recommended to apply the necessary patches or updates provided by Cisco.