Cisco Prime Infrastructure up to 2.2.2 HTTP POST Request input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.7 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in Cisco Prime Infrastructure up to 2.2.2. Impacted is an unknown function of the component HTTP POST Request Handler. The manipulation results in input validation. This vulnerability is identified as CVE-2016-1291. The attack can be executed remotely. There is not any exploit available. Applying restrictive firewalling is recommended.
Details
A vulnerability was found in Cisco Prime Infrastructure up to 2.2.2 (Network Management Software). It has been classified as very critical. Affected is some unknown functionality of the component HTTP POST Request Handler. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
The weakness was released 04/06/2016 with Cisco as CSCuw03192 as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability is traded as CVE-2016-1291 since 01/04/2016. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/12/2022).
The vulnerability scanner Nessus provides a plugin with the ID 90590 (Cisco Prime Infrastructure Java Deserialization RCE (cisco-sa-20160406-remcode)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context r.
It is possible to mitigate the weakness by firewalling . A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 26944.
The vulnerability is also documented in the databases at Tenable (90590), SecurityFocus (BID 85878†) and Vulnerability Center (SBV-57978†). Entry connected to this vulnerability is available at VDB-81635. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 9.7
VulDB Base Score: 9.8
VulDB Temp Score: 9.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 90590
Nessus Name: Cisco Prime Infrastructure Java Deserialization RCE (cisco-sa-20160406-remcode)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 103402
OpenVAS Name: Cisco Prime Infrastructure Remote Code Execution Vulnerability (Active Check)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: FirewallStatus: 🔍
Reaction Time: 🔍
Exposure Time: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Fortigate IPS: 🔍
Timeline
01/04/2016 🔍04/06/2016 🔍
04/06/2016 🔍
04/06/2016 🔍
04/06/2016 🔍
04/06/2016 🔍
04/07/2016 🔍
04/07/2016 🔍
04/19/2016 🔍
07/12/2022 🔍
Sources
Vendor: cisco.comAdvisory: CSCuw03192
Organization: Cisco
Status: Confirmed
CVE: CVE-2016-1291 (🔍)
GCVE (CVE): GCVE-0-2016-1291
GCVE (VulDB): GCVE-100-81636
SecurityFocus: 85878 - Multiple Cisco Products CVE-2016-1291 Remote Code Execution Vulnerability
SecurityTracker: 1035497
Vulnerability Center: 57978 - [cisco-sa-20160406-remcode] Cisco Prime Infrastructure Remote Code Execution via Crafted HTTP POST Request, Critical
See also: 🔍
Entry
Created: 04/07/2016 14:21Updated: 07/12/2022 09:31
Changes: 04/07/2016 14:21 (70), 02/03/2019 10:56 (17), 07/12/2022 09:31 (4)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.