Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-20190515-pi-rce)

critical Nessus Plugin ID 130503

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The Cisco Prime Infrastructure application running on the remote host is affected by the following vulnerabilities:

- An unspecified flaw exists that allows a remote, unauthenticated attacker to execute arbitrary code. (CVE-2019-1821)

- An unspecified flaw exists that allows a remote, authenticated attacker to execute arbitrary code. (CVE-2019-1822, CVE-2019-1823)

Solution

Upgrade Cisco Prime Infrastructure to version 3.4.1 Update 01, 3.5.0 Update 03, or later.

See Also

http://www.nessus.org/u?ce4c9325

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo22842

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo28671

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo28680

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62258

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62264

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo62280

Plugin Details

Severity: Critical

ID: 130503

File Name: cisco_prime_infrastructure_sa-20190515-pi-rce.nasl

Version: 1.2

Type: remote

Family: CISCO

Published: 11/5/2019

Updated: 11/8/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-1821

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:prime_infrastructure

Required KB Items: installed_sw/Prime Infrastructure

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/15/2019

Vulnerability Publication Date: 5/15/2019

Exploitable With

Core Impact

Metasploit (Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability)

Reference Information

CVE: CVE-2019-1821, CVE-2019-1822, CVE-2019-1823

BID: 108339