cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-20657,https://securityvulnerability.io/vulnerability/CVE-2022-20657,Cisco PI and EPNMWeb-Based Management Interface Vulnerability,"A cross-site scripting (XSS) vulnerability exists in the web-based management interface of Cisco Prime Infrastructure and Cisco Enhanced Packet Network Manager. This issue arises when the interface fails to properly validate user-supplied input, allowing potential exploitation by remote attackers. By convincing an interface user to click a crafted link, an attacker could execute arbitrary script code in the context of the user’s session. This could potentially allow attackers to access sensitive data and browser-based information pertaining to the affected device. Cisco has addressed this vulnerability through software updates, without any viable workarounds available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-15T15:39:33.492Z,0
CVE-2022-20656,https://securityvulnerability.io/vulnerability/CVE-2022-20656,Cisco PI and EPNM Web-Based Management Interface Vulnerability,"A vulnerability exists within the web-based management interface of certain Cisco products, which could enable an authenticated remote attacker to exploit directory traversal sequences in HTTPS URLs. By sending a specially crafted request, the attacker can manipulate directory paths and gain unauthorized access to system files. This could result in arbitrary file writes to the host system, potentially leading to significant exposure of sensitive information. Cisco has issued updates to remediate this vulnerability, and no alternative workarounds are available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.5,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-15T15:36:09.274Z,0
CVE-2023-20260,https://securityvulnerability.io/vulnerability/CVE-2023-20260,Privilege Escalation Vulnerability in Cisco Prime Infrastructure & Cisco Evolved Programmable Network Manager,"A vulnerability exists in the application command line interface (CLI) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager that permits an authenticated, local attacker to escalate privileges. This issue arises from the improper handling of command line arguments supplied to application scripts. By executing specific commands on the CLI with crafted options, an attacker could potentially exploit this vulnerability, leading to elevated privileges akin to that of the root user on the underlying operating system, thereby compromising the security and integrity of the affected systems.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (epnm)",6,MEDIUM,0.0004199999966658652,false,false,false,true,,false,false,2024-01-17T16:57:33.285Z,0
CVE-2023-20271,https://securityvulnerability.io/vulnerability/CVE-2023-20271,SQL Injection Vulnerability in Cisco Management Interfaces,"A vulnerability exists in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager. This issue arises from insufficient validation of user-submitted parameters, enabling authenticated, remote attackers to execute SQL injection attacks. By sending specially crafted requests after successful authentication, attackers may gain unauthorized access to sensitive data stored within the database. Successful exploitation of this vulnerability can lead to the modification and extraction of confidential information, posing significant risks to system integrity and data confidentiality.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.5,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2024-01-17T16:56:25.553Z,0
CVE-2023-20257,https://securityvulnerability.io/vulnerability/CVE-2023-20257,Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure,"A vulnerability exists within the web-based management interface of Cisco Prime Infrastructure, allowing authenticated remote attackers to exploit it through cross-site scripting techniques. This issue arises from inadequate validation of user inputs processed by the management interface. By injecting malicious script or HTML content into requests, an attacker can manipulate the application, resulting in cross-site scripting attacks that could impact other users. The potential exploitation of this vulnerability significantly raises security concerns for organizations relying on Cisco Prime Infrastructure.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",4.8,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-01-17T16:55:42.034Z,0
CVE-2023-20201,https://securityvulnerability.io/vulnerability/CVE-2023-20201,,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
 These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-08-16T22:15:00.000Z,0
CVE-2023-20203,https://securityvulnerability.io/vulnerability/CVE-2023-20203,,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
 These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-08-16T22:15:00.000Z,0
CVE-2023-20205,https://securityvulnerability.io/vulnerability/CVE-2023-20205,,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
 These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-08-16T22:15:00.000Z,0
CVE-2023-20222,https://securityvulnerability.io/vulnerability/CVE-2023-20222,,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.
 The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.1,MEDIUM,0.0011699999449774623,false,false,false,false,,false,false,2023-08-16T22:15:00.000Z,0
CVE-2021-34707,https://securityvulnerability.io/vulnerability/CVE-2021-34707,Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability,"A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.",Cisco,Cisco Evolved Programmable Network Manager (epnm),6.5,MEDIUM,0.001560000004246831,false,false,false,true,,false,false,2021-08-04T00:00:00.000Z,0