PT-2023-2178 · Cisco · Cisco Evolved Programmable Network Manager+1
Published
2023-04-05
·
Updated
2023-04-11
·
CVE-2023-20127
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Prime Infrastructure (affected versions not specified)
Cisco Evolved Programmable Network Manager (EPNM) (affected versions not specified)
Description
The issue is related to the web-based management interface of the affected systems, allowing a remote attacker to obtain privileged information. It also enables cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
Recommendations
For Cisco Prime Infrastructure, update to a version that addresses the issue.
For Cisco Evolved Programmable Network Manager (EPNM), update to a version that addresses the issue.
As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Evolved Programmable Network Manager
Cisco Prime Infrastructure