Cisco Prime Infrastructure & EPN Manager Path Traversal Vulnerability (CVE-2019-1818) Advisory

Vulnerability Type: Path Traversal Severity: Medium (CVSS Score: 6.5) Affected Products: - Cisco Prime Infrastructure releases prior to 3.4, 3.5, and 3.6 - Cisco Evolved Programmable Network (EPN) Manager releases prior to 3.0.1 Vulnerability ID: cisco-sa-20190515-pi-pathtrav-1818 CVE ID: CVE-2019-1818 CWE ID: CWE-22 Publication Date: 2019 May 15 16:00 GMT Summary: - A vulnerability in the web-based management interface could allow an authenticated, remote attacker to download and view files within the application that should be restricted, due to improper sanitization of user-supplied input in HTTP request parameters. Workarounds: No workarounds are available. Fixed Software: For details, consult the Cisco bug IDs (CSVo28666, CSVo62256) at the top of the advisory. Exploitation and Public Announcements: No public announcements or malicious use is known. Source: Reported by Steven Seeley (mr_me) of Source Incite.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco Prime Infrastructure & EPN Manager Path Traversal Vulnerability (CVE-2019-1818) Advisory