Lucene search

[email protected]CVE-2023-20127

HistoryApr 05, 2023 - 6:15 p.m.

CVE-2023-20127

2023-04-0518:15:07

CWE-27

[email protected]

web.nvd.nist.gov

cve

2023

20127

cisco

prime infrastructure

epnm

web-based

management interface

remote attacker

privileged information

cross-site scripting

xss

cross-site request forgery

csrf

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.0%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

NVD

Node

ciscoprime_infrastructureRange≤3.7

ciscoprime_infrastructureRange3.10–3.10.2

ciscoprime_infrastructureMatch3.8

ciscoprime_infrastructureMatch3.8.1-

ciscoprime_infrastructureMatch3.9

ciscoprime_infrastructureMatch3.9.1-

CPENameOperatorVersion
cisco:prime_infrastructurecisco prime infrastructurele3.7
cisco:prime_infrastructurecisco prime infrastructurelt3.10.2
cisco:prime_infrastructurecisco prime infrastructureeq3.8
cisco:prime_infrastructurecisco prime infrastructureeq3.8.1
cisco:prime_infrastructurecisco prime infrastructureeq3.9
cisco:prime_infrastructurecisco prime infrastructureeq3.9.1

CPE	Name	Operator	Version
cisco:prime_infrastructure	cisco prime infrastructure	le	3.7
cisco:prime_infrastructure	cisco prime infrastructure	lt	3.10.2
cisco:prime_infrastructure	cisco prime infrastructure	eq	3.8
cisco:prime_infrastructure	cisco prime infrastructure	eq	3.8.1
cisco:prime_infrastructure	cisco prime infrastructure	eq	3.9
cisco:prime_infrastructure	cisco prime infrastructure	eq	3.9.1

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Prime Infrastructure ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]