CVE-2016-1442

Published on: 07/07/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Prime Infrastructure from Cisco contain the following vulnerability:

The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.

  • CVE-2016-1442 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 9 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Cisco Prime Infrastructure Administrative Web Interface HTML Injection Vulnerability Vendor Advisory
tools.cisco.com
text/html
URL Logo CISCO 20160706 Cisco Prime Infrastructure Administrative Web Interface HTML Injection Vulnerability
Cisco Prime Infrastructure Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036238

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationCiscoPrime Infrastructure3.0AllAllAll
ApplicationCiscoPrime Infrastructure3.1AllAllAll
ApplicationCiscoPrime Infrastructure3.0AllAllAll
ApplicationCiscoPrime Infrastructure3.1AllAllAll
  • cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*: