Cisco Prime Network Analysis Module Security Advisories

Number: AV16-089
Date: 02 June 2016

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address multiple vulnerabilities:

• Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
• Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
• Cisco Prime Network Analysis Module Authenticated Remote Code Execution Vulnerability
• Cisco Prime Network Analysis Module Local Command Injection Vulnerability

CVE References: CVE-2016-1370, CVE-2016-1388, CVE-2016-1390, CVE-2016-1391

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime1
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime2
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime3