CVE-2023-20258

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions (affected versions not specified) Cisco Evolved Programmable Network (EPN) Manager versions (affected versions not specified)

Description The issue is related to improper processing of objects in memory, specifically serialized Java objects, in the web-based management interface of the affected systems. This could allow a remote attacker to execute arbitrary commands on the underlying operating system. An attacker could exploit this by uploading a document containing malicious serialized Java objects to be processed by the affected application.

Recommendations For Cisco Prime Infrastructure, consider restricting access to the web-based management interface until a fix is available. For Cisco Evolved Programmable Network (EPN) Manager, avoid using the vulnerable web-based management interface until the issue is resolved. As a temporary workaround, consider disabling the upload of documents to the affected application until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.