cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-20657,https://securityvulnerability.io/vulnerability/CVE-2022-20657,Cisco PI and EPNMWeb-Based Management Interface Vulnerability,"A cross-site scripting (XSS) vulnerability exists in the web-based management interface of Cisco Prime Infrastructure and Cisco Enhanced Packet Network Manager. This issue arises when the interface fails to properly validate user-supplied input, allowing potential exploitation by remote attackers. By convincing an interface user to click a crafted link, an attacker could execute arbitrary script code in the context of the user’s session. This could potentially allow attackers to access sensitive data and browser-based information pertaining to the affected device. Cisco has addressed this vulnerability through software updates, without any viable workarounds available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-15T15:39:33.492Z,0
CVE-2022-20656,https://securityvulnerability.io/vulnerability/CVE-2022-20656,Cisco PI and EPNM Web-Based Management Interface Vulnerability,"A vulnerability exists within the web-based management interface of certain Cisco products, which could enable an authenticated remote attacker to exploit directory traversal sequences in HTTPS URLs. By sending a specially crafted request, the attacker can manipulate directory paths and gain unauthorized access to system files. This could result in arbitrary file writes to the host system, potentially leading to significant exposure of sensitive information. Cisco has issued updates to remediate this vulnerability, and no alternative workarounds are available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.5,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-15T15:36:09.274Z,0
CVE-2023-20260,https://securityvulnerability.io/vulnerability/CVE-2023-20260,Privilege Escalation Vulnerability in Cisco Prime Infrastructure & Cisco Evolved Programmable Network Manager,"A vulnerability exists in the application command line interface (CLI) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager that permits an authenticated, local attacker to escalate privileges. This issue arises from the improper handling of command line arguments supplied to application scripts. By executing specific commands on the CLI with crafted options, an attacker could potentially exploit this vulnerability, leading to elevated privileges akin to that of the root user on the underlying operating system, thereby compromising the security and integrity of the affected systems.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (epnm)",6,MEDIUM,0.0004199999966658652,false,false,false,true,,false,false,2024-01-17T16:57:33.285Z,0
CVE-2023-20258,https://securityvulnerability.io/vulnerability/CVE-2023-20258,Command Execution Vulnerability in Cisco Prime Infrastructure,"A security flaw exists in the web-based management interface of Cisco Prime Infrastructure that could enable an authenticated remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability arises from the inadequate processing of serialized Java objects within the application. Attacks may involve uploading a document imbued with malicious serialized Java objects that the application processes. If successfully exploited, this could permit the attacker to compel the application into executing unintended commands on the system, leading to potential unauthorized access and operational disruptions.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.0009800000116229057,false,false,false,false,,false,false,2024-01-17T16:56:57.318Z,0
CVE-2023-20271,https://securityvulnerability.io/vulnerability/CVE-2023-20271,SQL Injection Vulnerability in Cisco Management Interfaces,"A vulnerability exists in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager. This issue arises from insufficient validation of user-submitted parameters, enabling authenticated, remote attackers to execute SQL injection attacks. By sending specially crafted requests after successful authentication, attackers may gain unauthorized access to sensitive data stored within the database. Successful exploitation of this vulnerability can lead to the modification and extraction of confidential information, posing significant risks to system integrity and data confidentiality.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.5,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2024-01-17T16:56:25.553Z,0
CVE-2023-20257,https://securityvulnerability.io/vulnerability/CVE-2023-20257,Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure,"A vulnerability exists within the web-based management interface of Cisco Prime Infrastructure, allowing authenticated remote attackers to exploit it through cross-site scripting techniques. This issue arises from inadequate validation of user inputs processed by the management interface. By injecting malicious script or HTML content into requests, an attacker can manipulate the application, resulting in cross-site scripting attacks that could impact other users. The potential exploitation of this vulnerability significantly raises security concerns for organizations relying on Cisco Prime Infrastructure.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",4.8,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-01-17T16:55:42.034Z,0
CVE-2023-20222,https://securityvulnerability.io/vulnerability/CVE-2023-20222,,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.
 The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.1,MEDIUM,0.0011699999449774623,false,false,false,false,,false,false,2023-08-16T22:15:00.000Z,0
CVE-2023-20205,https://securityvulnerability.io/vulnerability/CVE-2023-20205,,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
 These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-08-16T22:15:00.000Z,0
CVE-2023-20201,https://securityvulnerability.io/vulnerability/CVE-2023-20201,,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
 These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-08-16T22:15:00.000Z,0
CVE-2023-20203,https://securityvulnerability.io/vulnerability/CVE-2023-20203,,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
 These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-08-16T22:15:00.000Z,0
CVE-2023-20068,https://securityvulnerability.io/vulnerability/CVE-2023-20068,Cisco Prime Infrastructure Reflected Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.",Cisco,Cisco Prime Infrastructure,6.1,MEDIUM,0.0013599999947473407,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20127,https://securityvulnerability.io/vulnerability/CVE-2023-20127,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.0008999999845400453,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20129,https://securityvulnerability.io/vulnerability/CVE-2023-20129,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.0011599999852478504,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20130,https://securityvulnerability.io/vulnerability/CVE-2023-20130,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.000750000006519258,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20131,https://securityvulnerability.io/vulnerability/CVE-2023-20131,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.0006600000197067857,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20069,https://securityvulnerability.io/vulnerability/CVE-2023-20069,Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.",Cisco,Cisco Prime Infrastructure,5.4,MEDIUM,0.0006600000197067857,false,false,false,true,,false,false,2023-03-03T00:00:00.000Z,0
CVE-2022-20659,https://securityvulnerability.io/vulnerability/CVE-2022-20659,Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Prime Infrastructure,6.1,MEDIUM,0.0014700000174343586,false,false,false,true,,false,false,2022-02-17T00:00:00.000Z,0
CVE-2021-34784,https://securityvulnerability.io/vulnerability/CVE-2021-34784,Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Prime Infrastructure,5.4,MEDIUM,0.0006600000197067857,false,false,false,true,,false,false,2021-11-04T16:15:00.000Z,0
CVE-2021-34733,https://securityvulnerability.io/vulnerability/CVE-2021-34733,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability,"A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.",Cisco,Cisco Prime Infrastructure,5.5,MEDIUM,0.0004199999966658652,false,false,false,true,,false,false,2021-09-02T03:15:00.000Z,0
CVE-2021-1487,https://securityvulnerability.io/vulnerability/CVE-2021-1487,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition.",Cisco,Cisco Prime Infrastructure,8.8,HIGH,0.0012600000482052565,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2020-3339,https://securityvulnerability.io/vulnerability/CVE-2020-3339,Cisco Prime Infrastructure SQL Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.",Cisco,Cisco Prime Infrastructure,5.4,MEDIUM,0.000699999975040555,false,false,false,true,,false,false,2020-06-03T00:00:00.000Z,0
CVE-2019-15958,https://securityvulnerability.io/vulnerability/CVE-2019-15958,Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability,A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.,Cisco,Cisco Prime Infrastructure,8.1,HIGH,0.0061900001019239426,false,false,false,true,,false,false,2019-11-26T03:15:00.000Z,0
CVE-2019-12713,https://securityvulnerability.io/vulnerability/CVE-2019-12713,Cisco Prime Infrastructure Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Prime Infrastructure,6.1,MEDIUM,0.001509999972768128,false,false,false,true,,false,false,2019-10-02T00:00:00.000Z,0
CVE-2019-12712,https://securityvulnerability.io/vulnerability/CVE-2019-12712,Cisco Prime Infrastructure Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input in multiple sections of the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Prime Infrastructure,6.1,MEDIUM,0.001509999972768128,false,false,false,true,,false,false,2019-10-02T00:00:00.000Z,0
CVE-2019-1906,https://securityvulnerability.io/vulnerability/CVE-2019-1906,Cisco Prime Infrastructure Virtual Domain Privilege Escalation Vulnerability,"A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges.",Cisco,Cisco Prime Infrastructure,4.3,MEDIUM,0.0007099999929778278,false,false,false,true,,false,false,2019-06-20T03:15:00.000Z,0