What is CVE-2016-1291?

CVE-2016-1291 is a critical-severity vulnerability in Cisco Evolved_programmable_network_manager, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2016-04-06.

How severe is CVE-2016-1291?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2016-1291 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Cisco Evolved_programmable_network_manager

CVE-2016-1291

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.023 (85.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Evolved_programmable_network_manager — versions 1.2.0
Cisco Prime_infrastructure — versions 1.2, 1.2.0.103, 1.2.1
Sun Opensolaris — versions snv_124
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

1035497 (vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2016-1291?: CVE-2016-1291 is a critical-severity vulnerability in Cisco Evolved_programmable_network_manager, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2016-04-06.
How severe is CVE-2016-1291?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2016-1291 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.