PT-2025-35806 · Cisco · Cisco Prime Infrastructure+1
Matteo Piciarelli
+1
·
Published
2025-09-03
·
Updated
2025-09-09
·
CVE-2025-20270
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified)
Description
A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. This issue could allow an authenticated, remote attacker to obtain sensitive information from an affected system due to improper validation of requests to
API endpoints. A successful exploit could allow a low-privileged user to view sensitive configuration information that should be restricted. An attacker must have access as a low-privileged user to exploit this vulnerability.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Evolved Programmable Network Manager
Cisco Prime Infrastructure