CVE-2023-20271

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure (affected versions not specified) Cisco Evolved Programmable Network Manager (EPNM) (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This is due to improper validation of user-submitted parameters. An attacker could exploit this by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information stored in the underlying database.

Recommendations For Cisco Prime Infrastructure, update to a version that includes the fix for this issue. For Cisco Evolved Programmable Network Manager (EPNM), update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using user-submitted parameters in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.