Cisco upgraded three remote code execution (RCE) vulnerabilities impacting the web management interfaces to critical severity with a
CVSS base score of 9.8 after initially rating them as high with a base score of 8.8 when the advisories were first published on May 15.
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager are
network management tools used by administrators "for provisioning, monitoring, optimizing, and troubleshooting both wired and wireless devices."
According to Cisco's security advisory published on May 15 and updated on May 16, the critical vulnerabilities exist "because the software improperly validates user-supplied input" and they can be remotely exploited by potential attackers to gain the ability to execute arbitrary code with "root-level privileges on the underlying operating system."
...
...