Matteo Piciarelli

**Name of the Vulnerable Software and Affected Versions** Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified) **Description** A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. This issue could allow an authenticated, remote attacker to obtain sensitive information from an affected system due to improper validation of requests to `API endpoints`. A successful exploit could allow a low-privileged user to view sensitive configuration information that should be restricted. An attacker must have access as a low-privileged user to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified) **Description** A vulnerability exists in the web-based management interface that could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users. The issue is due to improper validation of user-supplied input. A successful exploit could allow the attacker to execute arbitrary script code or access sensitive, browser-based information. An attacker must have valid administrative credentials to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Evolved Programmable Network Manager (EPNM) (affected versions not specified) **Description** A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) may allow an authenticated, remote attacker to upload arbitrary files to an affected device. This issue is due to improper validation of files uploaded to the web-based management interface. An attacker could exploit this by sending a crafted file upload request to a specific `API endpoint`. A successful exploit could allow the attacker to upload arbitrary files to an affected system. An attacker must have valid Config Managers credentials on the affected device to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified) Description: A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. This issue could allow an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the underlying file system on an affected device. The vulnerability is due to insufficient input validation for specific HTTP requests. An attacker could exploit this issue by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to access sensitive files from the affected device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.