First published: Thu May 16 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Evolved Programmable Network Manager | <3.0.1 | |
Cisco Network Level Service | =3.0\(0.0.83b\) | |
Cisco Prime Infrastructure | <3.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-1823.
The severity level of CVE-2019-1823 is Critical with a CVSS score of 7.2.
The products affected by CVE-2019-1823 are Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager.
CVE-2019-1823 allows an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system.
To fix the CVE-2019-1823 vulnerability, it is recommended to apply the necessary security updates provided by Cisco.