Multiple vulnerabilities in Cisco Prime Infrastructure and Evolved Programmable Network Manager
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2019-1821 CVE-2019-1822 CVE-2019-1823 CVE-2019-1820 CVE-2019-1824 CVE-2019-1825 CVE-2019-1819 CVE-2019-1818 |
| CWE-ID | CWE-20 CWE-22 CWE-89 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Cisco Prime Infrastructure Server applications / Remote management servers, RDP, SSH |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU18525
Risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2019-1821
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker can execute arbitrary code on the system with root privileges.
Install updates from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.4.0.0
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo22842
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo28680
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62258
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62280
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Input validation error
EUVDB-ID: #VU18526
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-1822
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to compromise the vulnerable system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker can execute arbitrary code with root privileges.
Install updates from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.4.0.0
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo28671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU18527
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-1823
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to compromise the vulnerable system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker can execute arbitrary code with root privileges.
Install updates from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.0 base - 3.0.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0 base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0.0:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62264
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Path traversal
EUVDB-ID: #VU18528
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-1820
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.0 base - 3.4.0.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0 base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.4.0.0:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo28684
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62276
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) SQL injection
EUVDB-ID: #VU18529
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-1824
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.4.0.0
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo28734
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) SQL injection
EUVDB-ID: #VU18530
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-1825
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.0 base - 3.4.0.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0 base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.4.0.0:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo23576
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62268
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62275
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Path traversal
EUVDB-ID: #VU18531
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-1819
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.0 base - 3.4.0.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0 base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.4.0.0:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo28677
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62260
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Path traversal
EUVDB-ID: #VU18532
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-1818
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Prime Infrastructure: 3.0 base - 3.4.0.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0 base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_prime_infrastructure:3.4.0.0:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo28666
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62256
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
