Main Vulnerability Database SB2016070704

SB2016070704 - Arbitrary commands execution in Cisco Prime Infrastructure

Published: July 7, 2016 Updated: July 12, 2020

Security Bulletin ID SB2016070704

CSH Severity

Critical

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Arbitrary commands execution (CVE-ID: CVE-2016-1442)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper user input validation. A remote unauthenticated attacker can cause arbitrary commands execution by inserting crafting input into the affected fields of the web interface.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-pi