cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20657,https://securityvulnerability.io/vulnerability/CVE-2022-20657,Cisco PI and EPNMWeb-Based Management Interface Vulnerability,"A cross-site scripting (XSS) vulnerability exists in the web-based management interface of Cisco Prime Infrastructure and Cisco Enhanced Packet Network Manager. This issue arises when the interface fails to properly validate user-supplied input, allowing potential exploitation by remote attackers. By convincing an interface user to click a crafted link, an attacker could execute arbitrary script code in the context of the user’s session. This could potentially allow attackers to access sensitive data and browser-based information pertaining to the affected device. Cisco has addressed this vulnerability through software updates, without any viable workarounds available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:39:33.492Z,0
CVE-2022-20656,https://securityvulnerability.io/vulnerability/CVE-2022-20656,Cisco PI and EPNM Web-Based Management Interface Vulnerability,"A vulnerability exists within the web-based management interface of certain Cisco products, which could enable an authenticated remote attacker to exploit directory traversal sequences in HTTPS URLs. By sending a specially crafted request, the attacker can manipulate directory paths and gain unauthorized access to system files. This could result in arbitrary file writes to the host system, potentially leading to significant exposure of sensitive information. Cisco has issued updates to remediate this vulnerability, and no alternative workarounds are available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T15:36:09.274Z,0
CVE-2023-20260,https://securityvulnerability.io/vulnerability/CVE-2023-20260,Privilege Escalation Vulnerability in Cisco Prime Infrastructure & Cisco Evolved Programmable Network Manager,"A vulnerability exists in the application command line interface (CLI) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager that permits an authenticated, local attacker to escalate privileges. This issue arises from the improper handling of command line arguments supplied to application scripts. By executing specific commands on the CLI with crafted options, an attacker could potentially exploit this vulnerability, leading to elevated privileges akin to that of the root user on the underlying operating system, thereby compromising the security and integrity of the affected systems.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (epnm)",6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-11-13T20:15:12.000Z,,false,false,,2024-01-17T16:57:33.285Z,0
CVE-2023-20271,https://securityvulnerability.io/vulnerability/CVE-2023-20271,SQL Injection Vulnerability in Cisco Management Interfaces,"A vulnerability exists in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager. This issue arises from insufficient validation of user-submitted parameters, enabling authenticated, remote attackers to execute SQL injection attacks. By sending specially crafted requests after successful authentication, attackers may gain unauthorized access to sensitive data stored within the database. Successful exploitation of this vulnerability can lead to the modification and extraction of confidential information, posing significant risks to system integrity and data confidentiality.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.5,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-01-17T16:56:25.553Z,0
CVE-2023-20257,https://securityvulnerability.io/vulnerability/CVE-2023-20257,Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure,"A vulnerability exists within the web-based management interface of Cisco Prime Infrastructure, allowing authenticated remote attackers to exploit it through cross-site scripting techniques. This issue arises from inadequate validation of user inputs processed by the management interface. By injecting malicious script or HTML content into requests, an attacker can manipulate the application, resulting in cross-site scripting attacks that could impact other users. The potential exploitation of this vulnerability significantly raises security concerns for organizations relying on Cisco Prime Infrastructure.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",4.8,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-01-17T16:55:42.034Z,0
CVE-2023-20203,https://securityvulnerability.io/vulnerability/CVE-2023-20203,Stored XSS Vulnerability in Cisco Prime Infrastructure and EPNM Management Interfaces,"Multiple vulnerabilities exist in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager, allowing authenticated remote attackers to execute stored cross-site scripting (XSS) attacks. These vulnerabilities arise from inadequate validation of user-supplied input, enabling attackers to craft pages with malicious HTML or script content. To exploit these vulnerabilities, an attacker must have valid authentication credentials, persuading users to access the altered pages. This exploit could lead to the execution of arbitrary script code in the affected interface's context, potentially exposing sensitive browser information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20201,https://securityvulnerability.io/vulnerability/CVE-2023-20201,Stored XSS Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager,"Cisco's web-based management interfaces for Prime Infrastructure and Evolved Programmable Network Manager are exposed to multiple vulnerabilities. These issues arise from inadequate validation of user-supplied input, allowing an authenticated remote attacker to execute a stored XSS attack. An attacker may entice a valid user to access a compromised page containing malicious HTML or JavaScript. Successful exploitation could lead to arbitrary script execution within the context of the user's session, potentially exposing sensitive browser-based information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20222,https://securityvulnerability.io/vulnerability/CVE-2023-20222,Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) allows an unauthenticated, remote attacker to initiate a cross-site scripting (XSS) attack. This type of vulnerability arises from inadequate validation of user-supplied input within the interface. Attackers can exploit this issue by injecting malicious scripts into specific pages of the interface, potentially enabling them to execute arbitrary code in the context of the user's session. As a result, sensitive information stored in the browser may be exposed, creating significant security concerns for users of the affected systems.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20205,https://securityvulnerability.io/vulnerability/CVE-2023-20205,Stored Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and EPNM,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) stem from inadequate validation of user-supplied input. An attacker with valid credentials can execute a stored cross-site scripting (XSS) attack by tricking a user to view a page that includes malicious HTML or script content. This exploit could allow the attacker to run arbitrary script code in the context of the affected interface, potentially accessing sensitive browser-based information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2021-34707,https://securityvulnerability.io/vulnerability/CVE-2021-34707,Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability,"A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.",Cisco,Cisco Evolved Programmable Network Manager (epnm),6.5,MEDIUM,0.001560000004246831,false,,false,false,true,2024-08-04T02:15:20.000Z,,false,false,,2021-08-04T00:00:00.000Z,0
CVE-2017-6698,https://securityvulnerability.io/vulnerability/CVE-2017-6698,,"A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B).",Cisco,Cisco Prime Infrastructure And Evolved Programmable Network Manager,5.4,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2017-07-04T00:00:00.000Z,0
CVE-2017-6699,https://securityvulnerability.io/vulnerability/CVE-2017-6699,,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).",Cisco,Cisco Prime Infrastructure And Evolved Programmable Network Manager,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2017-07-04T00:00:00.000Z,0
CVE-2017-6700,https://securityvulnerability.io/vulnerability/CVE-2017-6700,,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B).",Cisco,Cisco Prime Infrastructure And Evolved Programmable Network Manager,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2017-07-04T00:00:00.000Z,0
CVE-2017-6662,https://securityvulnerability.io/vulnerability/CVE-2017-6662,,"A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. Cisco Bug IDs: CSCvc23894 CSCvc49561.",Cisco,Cisco Prime Infrastructure And Evolved Programmable Network Manager,8,HIGH,0.014179999940097332,false,,false,false,false,,,false,false,,2017-06-26T07:00:00.000Z,0
CVE-2017-3884,https://securityvulnerability.io/vulnerability/CVE-2017-3884,,"A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).",Cisco,Cisco Prime Infrastructure And Cisco Evolved Programmable Network Manager,6.5,MEDIUM,0.0011399999493733048,false,,false,false,false,,,false,false,,2017-04-07T17:00:00.000Z,0
CVE-2016-6443,https://securityvulnerability.io/vulnerability/CVE-2016-6443,,"A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).",Cisco,"Cisco Prime Infrastructure And Evolved Programmable Network Manager 3.1(0.128), 1.2(400), 2.0(1.0.34a)",8.8,HIGH,0.002730000065639615,false,,false,false,false,,,false,false,,2016-10-27T21:00:00.000Z,0
CVE-2016-1406,https://securityvulnerability.io/vulnerability/CVE-2016-1406,,"The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.",Cisco,"Evolved Programmable Network Manager,Prime Infrastructure",8.8,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2016-05-25T01:00:00.000Z,0
CVE-2016-1291,https://securityvulnerability.io/vulnerability/CVE-2016-1291,,"Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.",Cisco,"Prime Infrastructure,Opensolaris,Evolved Programmable Network Manager",9.8,CRITICAL,0.03369000181555748,false,,false,false,false,,,false,false,,2016-04-06T23:59:00.000Z,0
CVE-2016-1290,https://securityvulnerability.io/vulnerability/CVE-2016-1290,,"The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.",Cisco,"Prime Infrastructure,Opensolaris,Evolved Programmable Network Manager",8.1,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2016-04-06T23:59:00.000Z,0