CVE-2023-20258

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected products

Cisco / Cisco Prime Infrastructure2.0.0 – 2.0.0
Cisco / Cisco Prime Infrastructure2.0.10 – 2.0.10
Cisco / Cisco Prime Infrastructure2.0.39 – 2.0.39
Cisco / Cisco Prime Infrastructure2.1.0 – 2.1.0
Cisco / Cisco Prime Infrastructure2.1.1 – 2.1.1
Cisco / Cisco Prime Infrastructure2.1.2 – 2.1.2
Cisco / Cisco Prime Infrastructure2.1.56 – 2.1.56
Cisco / Cisco Prime Infrastructure2.2.0 – 2.2.0
Cisco / Cisco Prime Infrastructure2.2.1 – 2.2.1
Cisco / Cisco Prime Infrastructure2.2.2 – 2.2.2
Cisco / Cisco Prime Infrastructure2.2.3 – 2.2.3
Cisco / Cisco Prime Infrastructure2.2.10 – 2.2.10
Cisco / Cisco Prime Infrastructure2.2.8 – 2.2.8
Cisco / Cisco Prime Infrastructure2.2.4 – 2.2.4
Cisco / Cisco Prime Infrastructure2.2.7 – 2.2.7
Cisco / Cisco Prime Infrastructure2.2.5 – 2.2.5
Cisco / Cisco Prime Infrastructure2.2.9 – 2.2.9
Cisco / Cisco Prime Infrastructure2.2.1 Update 01 – 2.2.1 Update 01
Cisco / Cisco Prime Infrastructure2.2.2 Update 03 – 2.2.2 Update 03
Cisco / Cisco Prime Infrastructure2.2.2 Update 04 – 2.2.2 Update 04
Cisco / Cisco Prime Infrastructure2.2.3 Update 02 – 2.2.3 Update 02
Cisco / Cisco Prime Infrastructure2.2.3 Update 03 – 2.2.3 Update 03
Cisco / Cisco Prime Infrastructure2.2.3 Update 04 – 2.2.3 Update 04
Cisco / Cisco Prime Infrastructure2.2.3 Update 05 – 2.2.3 Update 05
Cisco / Cisco Prime Infrastructure2.2.3 Update 06 – 2.2.3 Update 06
Cisco / Cisco Prime Infrastructure3.0.0 – 3.0.0
Cisco / Cisco Prime Infrastructure3.0.1 – 3.0.1
Cisco / Cisco Prime Infrastructure3.0.2 – 3.0.2
Cisco / Cisco Prime Infrastructure3.0.3 – 3.0.3
Cisco / Cisco Prime Infrastructure3.0.4 – 3.0.4
Cisco / Cisco Prime Infrastructure3.0.6 – 3.0.6
Cisco / Cisco Prime Infrastructure3.0.5 – 3.0.5
Cisco / Cisco Prime Infrastructure3.0.7 – 3.0.7
Cisco / Cisco Prime Infrastructure3.1.0 – 3.1.0
Cisco / Cisco Prime Infrastructure3.1.1 – 3.1.1
Cisco / Cisco Prime Infrastructure3.1.7 – 3.1.7
Cisco / Cisco Prime Infrastructure3.1.5 – 3.1.5
Cisco / Cisco Prime Infrastructure3.1.2 – 3.1.2
Cisco / Cisco Prime Infrastructure3.1.3 – 3.1.3
Cisco / Cisco Prime Infrastructure3.1.4 – 3.1.4
Cisco / Cisco Prime Infrastructure3.1.6 – 3.1.6
Cisco / Cisco Prime Infrastructure3.2.2 – 3.2.2
Cisco / Cisco Prime Infrastructure3.2.0-FIPS – 3.2.0-FIPS
Cisco / Cisco Prime Infrastructure3.2.1 – 3.2.1
Cisco / Cisco Prime Infrastructure3.3.0 – 3.3.0
Cisco / Cisco Prime Infrastructure3.3.1 – 3.3.1
Cisco / Cisco Prime Infrastructure3.3.0 Update 01 – 3.3.0 Update 01
Cisco / Cisco Prime Infrastructure3.4.0 – 3.4.0
Cisco / Cisco Prime Infrastructure3.4.1 – 3.4.1
Cisco / Cisco Prime Infrastructure3.4.2 – 3.4.2
Cisco / Cisco Prime Infrastructure3.4.1 Update 01 – 3.4.1 Update 01
Cisco / Cisco Prime Infrastructure3.4.1 Update 02 – 3.4.1 Update 02
Cisco / Cisco Prime Infrastructure3.4.2 Update 01 – 3.4.2 Update 01
Cisco / Cisco Prime Infrastructure3.5.0 – 3.5.0
Cisco / Cisco Prime Infrastructure3.5.1 – 3.5.1
Cisco / Cisco Prime Infrastructure3.5.0 Update 01 – 3.5.0 Update 01
Cisco / Cisco Prime Infrastructure3.5.0 Update 02 – 3.5.0 Update 02
Cisco / Cisco Prime Infrastructure3.5.0 Update 03 – 3.5.0 Update 03
Cisco / Cisco Prime Infrastructure3.5.1 Update 01 – 3.5.1 Update 01
Cisco / Cisco Prime Infrastructure3.5.1 Update 02 – 3.5.1 Update 02
Cisco / Cisco Prime Infrastructure3.5.1 Update 03 – 3.5.1 Update 03
Cisco / Cisco Prime Infrastructure3.6.0 – 3.6.0
Cisco / Cisco Prime Infrastructure3.6.0 Update 01 – 3.6.0 Update 01
Cisco / Cisco Prime Infrastructure3.6.0 Update 02 – 3.6.0 Update 02
Cisco / Cisco Prime Infrastructure3.6.0 Update 03 – 3.6.0 Update 03
Cisco / Cisco Prime Infrastructure3.6.0 Update 04 – 3.6.0 Update 04
Cisco / Cisco Prime Infrastructure2.1 – 2.1
Cisco / Cisco Prime Infrastructure2.2 – 2.2
Cisco / Cisco Prime Infrastructure3.2 – 3.2
Cisco / Cisco Prime Infrastructure3.4_DP1 – 3.4_DP1
Cisco / Cisco Prime Infrastructure3.4_DP3 – 3.4_DP3
Cisco / Cisco Prime Infrastructure3.4_DP2 – 3.4_DP2
Cisco / Cisco Prime Infrastructure3.5_DP1 – 3.5_DP1
Cisco / Cisco Prime Infrastructure3.4_DP7 – 3.4_DP7
Cisco / Cisco Prime Infrastructure3.4_DP10 – 3.4_DP10
Cisco / Cisco Prime Infrastructure3.4_DP5 – 3.4_DP5
Cisco / Cisco Prime Infrastructure3.1_DP15 – 3.1_DP15
Cisco / Cisco Prime Infrastructure3.4_DP11 – 3.4_DP11
Cisco / Cisco Prime Infrastructure3.4_DP8 – 3.4_DP8
Cisco / Cisco Prime Infrastructure3.7_DP1 – 3.7_DP1
Cisco / Cisco Prime Infrastructure3.3_DP4 – 3.3_DP4
Cisco / Cisco Prime Infrastructure3.10_DP1 – 3.10_DP1
Cisco / Cisco Prime Infrastructure3.8_DP1 – 3.8_DP1
Cisco / Cisco Prime Infrastructure3.7_DP2 – 3.7_DP2
Cisco / Cisco Prime Infrastructure3.6_DP1 – 3.6_DP1
Cisco / Cisco Prime Infrastructure3.1_DP16 – 3.1_DP16
Cisco / Cisco Prime Infrastructure3.5_DP4 – 3.5_DP4
Cisco / Cisco Prime Infrastructure3.3_DP3 – 3.3_DP3
Cisco / Cisco Prime Infrastructure3.2_DP2 – 3.2_DP2
Cisco / Cisco Prime Infrastructure3.4_DP4 – 3.4_DP4
Cisco / Cisco Prime Infrastructure3.1_DP14 – 3.1_DP14
Cisco / Cisco Prime Infrastructure3.1_DP6 – 3.1_DP6
Cisco / Cisco Prime Infrastructure3.1_DP9 – 3.1_DP9
Cisco / Cisco Prime Infrastructure3.4_DP6 – 3.4_DP6
Cisco / Cisco Prime Infrastructure3.2_DP3 – 3.2_DP3
Cisco / Cisco Prime Infrastructure3.4_DP9 – 3.4_DP9
Cisco / Cisco Prime Infrastructure3.3_DP2 – 3.3_DP2
Cisco / Cisco Prime Infrastructure3.2_DP1 – 3.2_DP1
Cisco / Cisco Prime Infrastructure3.1_DP10 – 3.1_DP10
Cisco / Cisco Prime Infrastructure3.9_DP1 – 3.9_DP1
Cisco / Cisco Prime Infrastructure3.3_DP1 – 3.3_DP1
Cisco / Cisco Prime Infrastructure3.1_DP13 – 3.1_DP13
Cisco / Cisco Prime Infrastructure3.5_DP2 – 3.5_DP2
Cisco / Cisco Prime Infrastructure3.1_DP12 – 3.1_DP12
Cisco / Cisco Prime Infrastructure3.1_DP4 – 3.1_DP4
Cisco / Cisco Prime Infrastructure3.5_DP3 – 3.5_DP3
Cisco / Cisco Prime Infrastructure3.1_DP8 – 3.1_DP8
Cisco / Cisco Prime Infrastructure3.1_DP7 – 3.1_DP7
Cisco / Cisco Prime Infrastructure3.2_DP4 – 3.2_DP4
Cisco / Cisco Prime Infrastructure3.1_DP11 – 3.1_DP11
Cisco / Cisco Prime Infrastructure3.1_DP5 – 3.1_DP5
Cisco / Cisco Prime Infrastructure3.7.0 – 3.7.0
Cisco / Cisco Prime Infrastructure3.7.1 – 3.7.1
Cisco / Cisco Prime Infrastructure3.7.1 Update 04 – 3.7.1 Update 04
Cisco / Cisco Prime Infrastructure3.7.1 Update 06 – 3.7.1 Update 06
Cisco / Cisco Prime Infrastructure3.7.1 Update 07 – 3.7.1 Update 07
Cisco / Cisco Prime Infrastructure3.7.1 Update 03 – 3.7.1 Update 03
Cisco / Cisco Prime Infrastructure3.7.0 Update 03 – 3.7.0 Update 03
Cisco / Cisco Prime Infrastructure3.7.1 Update 01 – 3.7.1 Update 01
Cisco / Cisco Prime Infrastructure3.7.1 Update 02 – 3.7.1 Update 02
Cisco / Cisco Prime Infrastructure3.7.1 Update 05 – 3.7.1 Update 05
Cisco / Cisco Prime Infrastructure3.8.0 – 3.8.0
Cisco / Cisco Prime Infrastructure3.8.1 – 3.8.1
Cisco / Cisco Prime Infrastructure3.8.1 Update 02 – 3.8.1 Update 02
Cisco / Cisco Prime Infrastructure3.8.1 Update 04 – 3.8.1 Update 04
Cisco / Cisco Prime Infrastructure3.8.1 Update 01 – 3.8.1 Update 01
Cisco / Cisco Prime Infrastructure3.8.1 Update 03 – 3.8.1 Update 03
Cisco / Cisco Prime Infrastructure3.8.0 Update 01 – 3.8.0 Update 01
Cisco / Cisco Prime Infrastructure3.8.0 Update 02 – 3.8.0 Update 02
Cisco / Cisco Prime Infrastructure3.9.0 – 3.9.0
Cisco / Cisco Prime Infrastructure3.9.1 – 3.9.1
Cisco / Cisco Prime Infrastructure3.9.1 Update 02 – 3.9.1 Update 02
Cisco / Cisco Prime Infrastructure3.9.1 Update 03 – 3.9.1 Update 03
Cisco / Cisco Prime Infrastructure3.9.1 Update 01 – 3.9.1 Update 01
Cisco / Cisco Prime Infrastructure3.9.1 Update 04 – 3.9.1 Update 04
Cisco / Cisco Prime Infrastructure3.9.0 Update 01 – 3.9.0 Update 01
Cisco / Cisco Prime Infrastructure3.10.0 – 3.10.0
Cisco / Cisco Prime Infrastructure3.10.3 – 3.10.3
Cisco / Cisco Prime Infrastructure3.10.1 – 3.10.1
Cisco / Cisco Prime Infrastructure3.10.2 – 3.10.2
Cisco / Cisco Prime Infrastructure3.10 Update 01 – 3.10 Update 01
Cisco / Cisco Prime Infrastructure3.10.4 – 3.10.4
Cisco / Cisco Prime Infrastructure3.10.4 Update 01 – 3.10.4 Update 01

References

VENDOR_ADVISORYhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq