cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20657,https://securityvulnerability.io/vulnerability/CVE-2022-20657,Cisco PI and EPNMWeb-Based Management Interface Vulnerability,"A cross-site scripting (XSS) vulnerability exists in the web-based management interface of Cisco Prime Infrastructure and Cisco Enhanced Packet Network Manager. This issue arises when the interface fails to properly validate user-supplied input, allowing potential exploitation by remote attackers. By convincing an interface user to click a crafted link, an attacker could execute arbitrary script code in the context of the user’s session. This could potentially allow attackers to access sensitive data and browser-based information pertaining to the affected device. Cisco has addressed this vulnerability through software updates, without any viable workarounds available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:39:33.492Z,0
CVE-2022-20656,https://securityvulnerability.io/vulnerability/CVE-2022-20656,Cisco PI and EPNM Web-Based Management Interface Vulnerability,"A vulnerability exists within the web-based management interface of certain Cisco products, which could enable an authenticated remote attacker to exploit directory traversal sequences in HTTPS URLs. By sending a specially crafted request, the attacker can manipulate directory paths and gain unauthorized access to system files. This could result in arbitrary file writes to the host system, potentially leading to significant exposure of sensitive information. Cisco has issued updates to remediate this vulnerability, and no alternative workarounds are available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T15:36:09.274Z,0
CVE-2023-20260,https://securityvulnerability.io/vulnerability/CVE-2023-20260,Privilege Escalation Vulnerability in Cisco Prime Infrastructure & Cisco Evolved Programmable Network Manager,"A vulnerability exists in the application command line interface (CLI) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager that permits an authenticated, local attacker to escalate privileges. This issue arises from the improper handling of command line arguments supplied to application scripts. By executing specific commands on the CLI with crafted options, an attacker could potentially exploit this vulnerability, leading to elevated privileges akin to that of the root user on the underlying operating system, thereby compromising the security and integrity of the affected systems.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (epnm)",6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-11-13T20:15:12.000Z,,false,false,,2024-01-17T16:57:33.285Z,0
CVE-2023-20271,https://securityvulnerability.io/vulnerability/CVE-2023-20271,SQL Injection Vulnerability in Cisco Management Interfaces,"A vulnerability exists in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager. This issue arises from insufficient validation of user-submitted parameters, enabling authenticated, remote attackers to execute SQL injection attacks. By sending specially crafted requests after successful authentication, attackers may gain unauthorized access to sensitive data stored within the database. Successful exploitation of this vulnerability can lead to the modification and extraction of confidential information, posing significant risks to system integrity and data confidentiality.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.5,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-01-17T16:56:25.553Z,0
CVE-2023-20257,https://securityvulnerability.io/vulnerability/CVE-2023-20257,Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure,"A vulnerability exists within the web-based management interface of Cisco Prime Infrastructure, allowing authenticated remote attackers to exploit it through cross-site scripting techniques. This issue arises from inadequate validation of user inputs processed by the management interface. By injecting malicious script or HTML content into requests, an attacker can manipulate the application, resulting in cross-site scripting attacks that could impact other users. The potential exploitation of this vulnerability significantly raises security concerns for organizations relying on Cisco Prime Infrastructure.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",4.8,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-01-17T16:55:42.034Z,0
CVE-2023-20201,https://securityvulnerability.io/vulnerability/CVE-2023-20201,Stored XSS Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager,"Cisco's web-based management interfaces for Prime Infrastructure and Evolved Programmable Network Manager are exposed to multiple vulnerabilities. These issues arise from inadequate validation of user-supplied input, allowing an authenticated remote attacker to execute a stored XSS attack. An attacker may entice a valid user to access a compromised page containing malicious HTML or JavaScript. Successful exploitation could lead to arbitrary script execution within the context of the user's session, potentially exposing sensitive browser-based information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20222,https://securityvulnerability.io/vulnerability/CVE-2023-20222,Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) allows an unauthenticated, remote attacker to initiate a cross-site scripting (XSS) attack. This type of vulnerability arises from inadequate validation of user-supplied input within the interface. Attackers can exploit this issue by injecting malicious scripts into specific pages of the interface, potentially enabling them to execute arbitrary code in the context of the user's session. As a result, sensitive information stored in the browser may be exposed, creating significant security concerns for users of the affected systems.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20203,https://securityvulnerability.io/vulnerability/CVE-2023-20203,Stored XSS Vulnerability in Cisco Prime Infrastructure and EPNM Management Interfaces,"Multiple vulnerabilities exist in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager, allowing authenticated remote attackers to execute stored cross-site scripting (XSS) attacks. These vulnerabilities arise from inadequate validation of user-supplied input, enabling attackers to craft pages with malicious HTML or script content. To exploit these vulnerabilities, an attacker must have valid authentication credentials, persuading users to access the altered pages. This exploit could lead to the execution of arbitrary script code in the affected interface's context, potentially exposing sensitive browser information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20205,https://securityvulnerability.io/vulnerability/CVE-2023-20205,Stored Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and EPNM,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) stem from inadequate validation of user-supplied input. An attacker with valid credentials can execute a stored cross-site scripting (XSS) attack by tricking a user to view a page that includes malicious HTML or script content. This exploit could allow the attacker to run arbitrary script code in the context of the affected interface, potentially accessing sensitive browser-based information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2020-3272,https://securityvulnerability.io/vulnerability/CVE-2020-3272,Cisco Prime Network Registrar DHCP Denial of Service Vulnerability,"A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition.",Cisco,Cisco Prime Network Registrar,7.5,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-04T08:16:32.000Z,,false,false,,2020-05-22T06:15:00.000Z,0
CVE-2020-3148,https://securityvulnerability.io/vulnerability/CVE-2020-3148,Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to change the device's configuration, which could include the ability to edit or create user accounts of any privilege level. Some changes to the device's configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR.",Cisco,Cisco Prime Network Registrar,7.1,HIGH,0.0007699999841861427,false,,false,false,true,2024-08-04T08:16:26.000Z,,false,false,,2020-03-04T00:00:00.000Z,0
CVE-2019-1852,https://securityvulnerability.io/vulnerability/CVE-2019-1852,Cisco Prime Network Registrar Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.",Cisco,Cisco Prime Network Registrar,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-04T19:16:14.000Z,,false,false,,2019-05-03T17:29:00.000Z,0
CVE-2019-1840,https://securityvulnerability.io/vulnerability/CVE-2019-1840,Cisco Prime Network Registrar Denial of Service Vulnerability,"A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected.",Cisco,Cisco Prime Network Registrar,8.6,HIGH,0.0009399999980814755,false,,false,false,true,2024-08-04T19:16:13.000Z,,false,false,,2019-04-18T02:29:00.000Z,0
CVE-2018-0482,https://securityvulnerability.io/vulnerability/CVE-2018-0482,Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.",Cisco,Cisco Prime Network Control System,5.4,MEDIUM,0.0005499999970197678,false,,false,false,true,2024-08-05T04:15:23.000Z,,false,false,,2019-01-10T16:29:00.000Z,0
CVE-2018-0144,https://securityvulnerability.io/vulnerability/CVE-2018-0144,,"A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg81051.",Cisco,Cisco Prime Data Center Network Manager,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2018-03-08T07:00:00.000Z,0
CVE-2018-0137,https://securityvulnerability.io/vulnerability/CVE-2018-0137,,"A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152.",Cisco,Cisco Prime Network,8.6,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2018-02-08T07:00:00.000Z,0
CVE-2017-6732,https://securityvulnerability.io/vulnerability/CVE-2017-6732,,"A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2).",Cisco,Cisco Prime Network,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-07-10T20:00:00.000Z,0
CVE-2017-6726,https://securityvulnerability.io/vulnerability/CVE-2017-6726,,"A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1.",Cisco,Cisco Prime Network Gateway,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-07-10T20:00:00.000Z,0
CVE-2017-6698,https://securityvulnerability.io/vulnerability/CVE-2017-6698,,"A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B).",Cisco,Cisco Prime Infrastructure And Evolved Programmable Network Manager,5.4,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2017-07-04T00:00:00.000Z,0
CVE-2017-6700,https://securityvulnerability.io/vulnerability/CVE-2017-6700,,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B).",Cisco,Cisco Prime Infrastructure And Evolved Programmable Network Manager,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2017-07-04T00:00:00.000Z,0
CVE-2017-6699,https://securityvulnerability.io/vulnerability/CVE-2017-6699,,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).",Cisco,Cisco Prime Infrastructure And Evolved Programmable Network Manager,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2017-07-04T00:00:00.000Z,0
CVE-2017-6662,https://securityvulnerability.io/vulnerability/CVE-2017-6662,,"A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. Cisco Bug IDs: CSCvc23894 CSCvc49561.",Cisco,Cisco Prime Infrastructure And Evolved Programmable Network Manager,8,HIGH,0.014179999940097332,false,,false,false,false,,,false,false,,2017-06-26T07:00:00.000Z,0
CVE-2017-6640,https://securityvulnerability.io/vulnerability/CVE-2017-6640,,"A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346.",Cisco,Cisco Prime Data Center Network Manager Server Static Credential Vulnerability,9.8,CRITICAL,0.004989999812096357,false,,false,false,true,2020-03-11T15:32:44.000Z,true,false,false,,2017-06-08T13:00:00.000Z,0
CVE-2017-6639,https://securityvulnerability.io/vulnerability/CVE-2017-6639,,"A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961.",Cisco,Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability,9.8,CRITICAL,0.523419976234436,false,,false,false,false,,,false,false,,2017-06-08T13:00:00.000Z,0
CVE-2017-6613,https://securityvulnerability.io/vulnerability/CVE-2017-6613,,"A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412.",Cisco,Cisco Prime Network Registrar,5.8,MEDIUM,0.0016499999910593033,false,,false,false,false,,,false,false,,2017-04-20T22:00:00.000Z,0