Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-20130
HistoryApr 05, 2023 - 6:15 p.m.

CVE-2023-20130

2023-04-0518:15:07
CWE-27
CWE-352
[email protected]
web.nvd.nist.gov
3
cisco
prime infrastructure
epnm
web-based
management
interface
remote attacker
privileged information
cross-site scripting
cross-site request forgery
vulnerabilities
advisory

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd
Node
ciscoprime_infrastructureRange3.7
OR
ciscoprime_infrastructureRange3.103.10.2
OR
ciscoprime_infrastructureMatch3.8
OR
ciscoprime_infrastructureMatch3.8.1-
OR
ciscoprime_infrastructureMatch3.9
OR
ciscoprime_infrastructureMatch3.9.1-
Node
ciscoevolved_programmable_network_managerRange<5.0.2.5
OR
ciscoevolved_programmable_network_managerRange5.15.1.4.2
OR
ciscoevolved_programmable_network_managerRange6.06.0.2.1
OR
ciscoevolved_programmable_network_managerRange6.16.1.1.1
VendorProductVersionCPE
ciscoprime_infrastructure*cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
ciscoprime_infrastructure3.8cpe:2.3:a:cisco:prime_infrastructure:3.8:*:*:*:*:*:*:*
ciscoprime_infrastructure3.8.1cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-:*:*:*:*:*:*
ciscoprime_infrastructure3.9cpe:2.3:a:cisco:prime_infrastructure:3.9:*:*:*:*:*:*:*
ciscoprime_infrastructure3.9.1cpe:2.3:a:cisco:prime_infrastructure:3.9.1:-:*:*:*:*:*:*
ciscoevolved_programmable_network_manager*cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
cve 1
cisco 1
nessus 2
prion
prion
Cross site request forgery (csrf)
2023-04-05 18:15:00
cvelist
cvelist
CVE-2023-20130 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities
2023-04-05 00:00:00
cve
cve
CVE-2023-20130
2023-04-05 18:15:07
cisco
cisco
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities
2023-04-05 16:00:00
nessus
nessus
Cisco Evolved Programmable Network Manager Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)
2023-04-06 00:00:00
Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)
2023-04-06 00:00:00

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON
Related for NVD:CVE-2023-20130
prion1cvelist1cve1cisco1nessus2