Arbitrary commands execution in Cisco Prime Infrastructure - CVE-2016-1442
Published: July 8, 2016 / Updated: July 12, 2020
Vulnerability identifier: #VU106
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2016-1442
CWE-ID: CWE-942
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Infrastructure
Cisco Prime Infrastructure
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper user input validation. A remote unauthenticated attacker can cause arbitrary commands execution by inserting crafting input into the affected fields of the web interface.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability exists due to improper user input validation. A remote unauthenticated attacker can cause arbitrary commands execution by inserting crafting input into the affected fields of the web interface.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2016-1442
Patch for this vulnerability is avaliable through the Cisco Bug Search Tool.
Cisco plans to release a software update in the third quarter of 2016. The expected fixed software version will be 3.1.1.
Cisco plans to release a software update in the third quarter of 2016. The expected fixed software version will be 3.1.1.