Cisco Prime Infrastructure and EPNM Deserialization Code Execution (CVE-2016-1291)

A vulnerability has been found in the web interface of Cisco Prime Infrastructure and Evolved programmable Network Manager (EPNM). The vulnerability is due to insufficient sanitization of user supplied input to the web interface. A remote, unauthenticated attacker could exploit this vulnerability by sending an HTTP POST request with maliciously crafted serialized user data.

Leave a Reply