What is CVE-2016-1408?

CVE-2016-1408 is a high-severity vulnerability in Cisco Evolved_programmable_network_manager, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2016-07-02.

How severe is CVE-2016-1408?

High severity. CVSS v3 base score is 8.8 out of 10.

Improper input validation in Cisco Evolved_programmable_network_manager

CVE-2016-1408

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (57.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Evolved_programmable_network_manager — versions 1.2.0, 1.2.1.3, 1.2.200
Cisco Prime_infrastructure — versions 1.2, 1.2.0.103, 1.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20160629 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1036197 (vdb-entry, x_refsource_SECTRACK)
91506 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-1408?: CVE-2016-1408 is a high-severity vulnerability in Cisco Evolved_programmable_network_manager, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2016-07-02.
How severe is CVE-2016-1408?: High severity. CVSS v3 base score is 8.8 out of 10.