LiveActive security incident?Get immediate response
CVE Record

CVE-2019-15958: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.

HighCVSS 8.1Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This flaw could let a remote unauthenticated attacker run code as root on Cisco Prime Infrastructure or Cisco EPNM, but only during the initial High Availability registration window. The business risk is severe if that window is reachable from untrusted networks.

Executive priority

Treat as high priority where Cisco PI or EPNM is deployed. Root-level compromise of a network management platform can affect confidentiality, integrity, and availability, even though the exploitable window is narrow.

Technical view

The vulnerability is insufficient input validation in the REST API during HA configuration and registration. A malicious file uploaded during the HA registration period could lead to arbitrary code execution with root privileges on the underlying operating system. CVSS is 8.1, with high attack complexity due to the limited timing condition.

Likely exposure

Exposure is likely limited to organizations running Cisco Prime Infrastructure or Cisco EPNM with HA registration active or mismanaged. The source bundle does not identify affected versions, internet exposure levels, or fixed releases.

Exploitation context

The source bundle does not report active exploitation, and KEV status is false. Exploitation requires network reachability and the specific HA registration period, but success would provide root-level operating system compromise.

Researcher notes

Do not assume broad exploitability outside the HA registration period. The bundle lacks version and fixed-release details, so validation should focus on product presence, HA registration state, network reachability, and Cisco advisory alignment.

Mitigation direction

  • Review Cisco’s advisory for affected releases and vendor-approved fixes.
  • Restrict management and HA registration interfaces to trusted administrative networks.
  • Avoid exposing Cisco PI or EPNM management services to the internet.
  • Disable or close HA registration workflows when not actively required.
  • Monitor for unexpected HA registration activity or file uploads.

Validation and detection

  • Inventory Cisco Prime Infrastructure and EPNM deployments.
  • Confirm whether HA registration is enabled or recently used.
  • Compare installed versions against Cisco’s advisory.
  • Verify REST API and management access are network-restricted.
  • Review logs for unexpected HA registration uploads or configuration changes.
Prepared
Confidence
high
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-20: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-15958 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.1 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.1CVSS 3.0HighCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H2.25.9Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

8.1High
CVSS 3.0 vector shape for CVE-2019-15958Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
CiscoCisco Prime InfrastructureunspecifiedListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.