CVE-2022-20656

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions (affected versions not specified) Cisco Evolved Programmable Network Manager versions (affected versions not specified)

Description The issue is related to insufficient input validation of the HTTPS URL by the web-based management interface, allowing an authenticated, remote attacker to conduct a path traversal attack. This could enable the attacker to write arbitrary files to the host system. The attacker must have valid credentials on the system to exploit this vulnerability.

Recommendations For Cisco Prime Infrastructure, update to a version that includes the software updates released by Cisco to address this issue. For Cisco Evolved Programmable Network Manager, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.