Back to KEVs

CVE-2019-1821

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

Basic Information

CVE State
PUBLISHED
Reserved Date
December 06, 2018
Published Date
May 16, 2019
Last Updated
November 20, 2024
Vendor
Cisco
Product
Cisco Prime Infrastructure
Description
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
Tags
metasploit_scanner edge nuclei_scanner

CVSS Scores

CVSS v3.0

8.8 - HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

Score
93.01% (Percentile: 99.77%) as of 2025-06-13

SSVC Information

Exploitation
none
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-06-08 00:00:00 UTC) Source

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce http://www.securityfocus.com/bid/108339 http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-06-09 12:00:22 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cpi_tararchive_upload.rb 2025-04-29 11:01:12 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-1821.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

cpi_tararchive_upload

Type: metasploit • Created: Unknown

Metasploit module for CVE-2019-1821

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Detected by Metasploit

  • Added to KEVIntel