Remote Code Execution Vulnerability in Cisco Prime Network Analysis Module
CVE-2016-1388

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Network Analysis Module; Prime Network Analysis Module Software; Prime Virtual Network Analysis Module Software
Vendor: CVE Published:; 3 June 2016

Summary

Cisco Prime Network Analysis Module and Prime Virtual Network Analysis Module are susceptible to a remote code execution vulnerability that permits unauthorized users to execute arbitrary operating system commands. Attackers can exploit this weakness by sending specially crafted HTTP requests to the affected modules. This vulnerability has implications for the security of systems running these modules, as it could be used to gain unauthorized access to sensitive information or execute malicious activities.

References

http://www.securitytracker.com/id/1036013

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2016
Vulnerability Reserved
Jan 4, 2016