Vulnerabilities > Cisco > Evolved Programmable Network Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2019-11-26 CVE-2019-15958 Improper Input Validation vulnerability in Cisco Prime Infrastructure
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system.
network
low complexity
cisco CWE-20
critical
9.8
2019-05-16 CVE-2019-1821 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system.
network
low complexity
cisco CWE-20
critical
9.8
2016-07-02 CVE-2016-1289 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
network
low complexity
cisco CWE-119
critical
9.8
2016-04-06 CVE-2016-1291 Improper Input Validation vulnerability in multiple products
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
network
low complexity
cisco sun CWE-20
critical
9.8