Lucene search
K
CiscoEvolved Programmable Network Manager

51 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6830 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2019/05/16 1:10 a.m.226 views

CVE-2019-1821

CVE-2019-1821 affects Cisco Prime Infrastructure (PI) / Evolved Programmable Network Manager (EPNM) Health Monitor HA components. The issue is a TarArchive Directory Traversal in the Health Monitor’s upload path that allows a remote attacker to trigger arbitrary commands via the UploadServlet (th...

10CVSS8.2AI score0.98092EPSS
In wildWeb
CVE
CVE
added 2024/11/15 3:36 p.m.105 views

CVE-2022-20656

CVE-2022-20656 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM). The issue is in the web-based management interface where insufficient input validation of the HTTPS URL allows an authenticated, remote attacker to perform a path traversal attack, potent...

6.5CVSS6.6AI score0.01649EPSS
CVE
CVE
added 2021/05/22 6:45 a.m.92 views

CVE-2021-1487

Cisco CVE-2021-1487 affects Cisco Prime Infrastructure and Cisco EPN Manager. The web-based management interface fails to sufficiently validate user input, enabling an authenticated remote attacker to inject commands and execute them on the underlying OS with the permissions of a non-root user. I...

9CVSS9.1AI score0.02115EPSS
CVE
CVE
added 2021/05/22 6:40 a.m.91 views

CVE-2021-1306

CVE-2021-1306 is a local file inclusion vulnerability in the restricted shell of Cisco EPN Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. An authenticated shell user can exploit improper validation of CLI parameters to identify directories and write arbitrary files...

4.4CVSS4.4AI score0.00212EPSS
CVE
CVE
added 2024/11/15 3:39 p.m.91 views

CVE-2022-20657

The CVE-2022-20657 issue affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) where the web-based management interface does not adequately validate user input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. An ...

6.1CVSS6.4AI score0.00496EPSS
CVE
CVE
added 2022/02/17 3:0 p.m.88 views

CVE-2022-20659

Cisco Prime Infrastructure and Cisco EPN Manager contain a cross-site scripting (XSS) vulnerability in the web-based management interface caused by improper input validation. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially executing arbitrary script co...

6.1CVSS6.1AI score0.01233EPSS
CVE
CVE
added 2019/11/26 3:11 a.m.85 views

CVE-2019-15958

CVE-2019-15958 affects Cisco Prime Infrastructure (PI) and Cisco EPNM. A REST API input-validation flaw during High Availability (HA) configuration/registration allows an unauthenticated remote attacker to upload a malicious file and execute arbitrary code with root privileges on the underlying O...

10CVSS8.9AI score0.03286EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.84 views

CVE-2023-20069

Cisco CVE-2023-20069 affects the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPN Manager. The vulnerability is due to insufficient validation of user-supplied input, enabling authenticated users to lure others into a crafted link that could trigger stored XSS in the af...

5.4CVSS5.2AI score0.0045EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.83 views

CVE-2023-20121

CVE-2023-20121 covers multiple vulnerabilities in the restricted shell of Cisco EPNM, Cisco ISE, and Cisco Prime Infrastructure. The issue arises from improper validation of parameters in a CLI command within the restricted shell, enabling an authenticated, local attacker to escape the restricted...

6.7CVSS6.5AI score0.00201EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.80 views

CVE-2019-1819

CVE-2019-1819 affects Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. The root cause is improper sanitization of user-supplied input in HTTP request parameters that describe filenames, enabling authenticated remote attackers to perform directory traversal and vie...

6.5CVSS6.3AI score0.13856EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.76 views

CVE-2019-1818

CVE-2019-1818 describes a directory-traversal vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. It arises from improper sanitization of filenames in HTTP request parameters, allowing an authenticated remote attacker to submit a path to a restricted...

6.5CVSS6.3AI score0.13856EPSS
CVE
CVE
added 2023/08/16 9:39 p.m.75 views

CVE-2023-20222

CVE-2023-20222 concerns Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by injecting malicious code into int...

6.1CVSS5.9AI score0.00375EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.74 views

CVE-2019-1820

CVE-2019-1820 affects Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. The root cause is improper sanitization of user-supplied input in HTTP request parameters that describe filenames, enabling directory-traversal attacks. An authenticated, remote attacker could ...

6.5CVSS6.3AI score0.13856EPSS
CVE
CVE
added 2017/07/04 12:0 a.m.72 views

CVE-2017-6699

CVE-2017-6699 affects Cisco Prime Infrastructure (PI) and EPNM web-based management interfaces. Affected component: JSP-based web UI; root cause: insufficient validation of user-supplied input, enabling a remote, unauthenticated attacker to trigger a reflected cross-site scripting (XSS) attack by...

6.1CVSS5.9AI score0.0128EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.70 views

CVE-2019-1824

CVE-2019-1824 affects Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager. The web-based management interface is vulnerable to SQL injection due to improper validation of user-supplied input in SQL queries. An authenticated, remote attacker can send a crafted HTTP reque...

8.1CVSS8.3AI score0.01901EPSS
CVE
CVE
added 2021/08/04 5:20 p.m.70 views

CVE-2021-34707

CVE-2021-34707 concerns a information-disclosure vulnerability in the REST API of Cisco EPNM. An authenticated, remote attacker can exploit this by sending a specific API request to obtain sensitive information from the application. The issue is attributed to insufficient protection of sensitive ...

6.5CVSS6.2AI score0.01095EPSS
CVE
CVE
added 2023/08/16 9:38 p.m.69 views

CVE-2023-20205

Cisco CVE-2023-20205 covers multiple stored XSS vulnerabilities in the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPNM. Root cause: insufficient validation of user-supplied input in the interface, exploitable when an authenticated user with valid credentials views a c...

5.4CVSS5.1AI score0.00358EPSS
CVE
CVE
added 2024/01/17 4:55 p.m.69 views

CVE-2023-20257

CVE-2023-20257 affects Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. The flaw stems from improper validation of user-supplied input, allowing an authenticated, remote attacker to submit malicious content that is stored and can trigger cross-site scripting against othe...

4.8CVSS5.4AI score0.00358EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.67 views

CVE-2019-1822

Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager contain CVE-2019-1822, a vulnerability in the web-based management interface that allows an authenticated remote attacker to execute code with root privileges. The issue arises from improper validation of user-su...

9CVSS7.2AI score0.04415EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.67 views

CVE-2019-1823

CVE-2019-1823 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interface. The issue allows an authenticated, remote attacker to execute code with root-level privileges on the underlying OS by uploading a crafted file via the adminis...

9CVSS7.2AI score0.04415EPSS
CVE
CVE
added 2023/08/16 9:38 p.m.67 views

CVE-2023-20203

The CVE-2023-20203 entry describes stored Cross-Site Scripting (XSS) vulnerabilities in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) web-based management interfaces. Root cause: insufficient validation of user-supplied input, enabling an authenticated, remote a...

5.4CVSS5.1AI score0.00358EPSS
CVE
CVE
added 2025/04/02 4:17 p.m.66 views

CVE-2025-20203

CVE-2025-20203 details (Cisco EPNM and Cisco Prime Infrastructure): A stored XSS vulnerability exists in the web-based management interface due to improper validation of user input. An authenticated attacker with valid admin credentials could inject malicious code into data fields, potentially ex...

4.8CVSS6AI score0.00278EPSS
CVE
CVE
added 2021/11/04 3:40 p.m.65 views

CVE-2021-34784

Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) are affected by a stored cross-site scripting (XSS) vulnerability in their web-based management interfaces. The issue arises from improper validation of user-supplied input, allowing an authenticated, remote att...

5.4CVSS5.2AI score0.0058EPSS
CVE
CVE
added 2025/04/02 4:16 p.m.65 views

CVE-2025-20120

CVE-2025-20120 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interfaces of Cisco’s EPNM and Prime Infrastructure. The root cause is insufficient validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to inject mal...

6.1CVSS6AI score0.00301EPSS
CVE
CVE
added 2024/11/06 4:30 p.m.63 views

CVE-2024-20514

Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces are affected by a stored cross-site scripting (XSS) vulnerability that arises from improper input validation. An authenticated, low-privileged attacker could inject malicious code via a targeted page, enabling execution of ...

5.4CVSS5.3AI score0.0027EPSS
CVE
CVE
added 2016/05/25 1:0 a.m.62 views

CVE-2016-1406

CVE-2016-1406 affects Cisco Prime Infrastructure before 3.1 and Cisco EPNM before 1.2.4. The vulnerability stems from incorrect RBAC evaluation in the API web interface, allowing remote authenticated users to bypass restrictions via crafted JSON data and obtain sensitive information, potentially ...

8.8CVSS8.3AI score0.0162EPSS
CVE
CVE
added 2024/01/17 4:57 p.m.62 views

CVE-2023-20260

CVE-2023-20260 affects Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). The root cause is improper processing of command line arguments to application scripts in the CLI, enabling an authenticated, local attacker to escalate to root privileges on the underlying OS...

6.7CVSS6.7AI score0.00175EPSS
CVE
CVE
added 2016/04/06 11:0 p.m.60 views

CVE-2016-1291

CVE-2016-1291 affects Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco EPNM 1.2. The vulnerability stems from insecure deserialization of data in HTTP POST requests, enabling remote attackers to execute arbitrary code on affected systems. Impact is described as remote code execution with...

9.8CVSS9.6AI score0.06769EPSS
Web
CVE
CVE
added 2019/05/16 1:10 a.m.60 views

CVE-2019-1825

Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interfaces are affected by CVE-2019-1825 due to improper validation of user-supplied input in SQL queries. The vulnerability could allow an authenticated, remote attacker to execute arbitrary...

8.1CVSS8.3AI score0.01901EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.60 views

CVE-2023-20131

CVE-2023-20131 affects Cisco Prime Infrastructure and Cisco EPNM via the web-based management interface, enabling XSS and CSRF due to insufficient input validation and CSRF protections. The issue is part of multiple vulnerabilities described in Cisco advisory cisco-sa-pi-epnm-eRPWAXLe, with relat...

6.5CVSS5.8AI score0.00573EPSS
CVE
CVE
added 2026/04/01 4:29 p.m.60 views

CVE-2026-20155

Cisco EPNM has a REST API authorization flaw in its web-based management interface. An authenticated user with low privileges can query a REST endpoint and potentially view session information of active EPNM users, including administrators, which could lead to device compromise. The provided sour...

8CVSS5.9AI score0.0027EPSS
CVE
CVE
added 2017/06/26 7:0 a.m.59 views

CVE-2017-6662

CVE-2017-6662 : A XXE-based vulnerability in the web-based UI of Cisco Prime Infrastructure (PI) and Cisco EPNM allows an authenticated, remote attacker to read/write information and execute code in the affected application. Root cause: improper handling of XML External Entity entries when parsin...

8CVSS7.9AI score0.02359EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.59 views

CVE-2023-20129

CVE-2023-20129 covers multiple vulnerabilities in the web‑based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). The issues include information disclosure, cross‑site scripting (XSS), cross‑site request forgery (CSRF), and an arbitrary fil...

6.5CVSS6.5AI score0.00917EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.59 views

CVE-2023-20130

CVE-2023-20130 affects Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces, enabling CSRF alongside XSS and information disclosure. Nessus plugins indicate the issues impact installations prior to specific fixed versions, while Cisco’s advisory states that software updates a...

6.5CVSS6.5AI score0.00382EPSS
CVE
CVE
added 2021/09/02 3:5 a.m.58 views

CVE-2021-34733

Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager expose an information-disclosure vulnerability in their CLI. An authenticated, local attacker could access sensitive data stored on the underlying file system due to insufficient protection of sensitive information. T...

5.5CVSS5.4AI score0.00225EPSS
CVE
CVE
added 2017/04/07 5:0 p.m.57 views

CVE-2017-3884

The CVE-2017-3884 entry describes an information-disclosure vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager. An authenticated, remote attacker could access sensitive data without administrator credentials, enabling reconnaissan...

6.5CVSS6.3AI score0.02078EPSS
CVE
CVE
added 2023/08/16 9:39 p.m.56 views

CVE-2023-20201

CVE-2023-20201 affects Cisco Prime Infrastructure and Cisco EPNM. The issue is stored XSS in the web-based management interface due to insufficient input validation. An authenticated user viewing a crafted page could have arbitrary script execution in the interface context or access browser-based...

5.4CVSS5.1AI score0.00355EPSS
CVE
CVE
added 2024/01/17 4:56 p.m.56 views

CVE-2023-20271

CVE-2023-20271 affects Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. An authenticated, remote attacker can exploit improper validation of user-submitted parameters to perform SQL injection against the underlying database, potentially exposing or modifying sensitive in...

6.5CVSS6.6AI score0.00546EPSS
CVE
CVE
added 2016/07/02 2:0 p.m.54 views

CVE-2016-1289

Cisco Prime Infrastructure 1.2–3.0 and EPNM 1.2 expose an API flaw that allows unauthenticated, remote access via crafted HTTP requests, potentially enabling code execution or access to stored credentials. The issue stems from inadequate input validation of API URIs, permitting manipulation of AP...

10CVSS9.5AI score0.06153EPSS
CVE
CVE
added 2024/01/17 4:56 p.m.54 views

CVE-2023-20258

CVE-2023-20258 affects Cisco Prime Infrastructure (web-based management interface) and related EPNM/PI components. The flaw arises from improper processing of serialized Java objects, enabling an authenticated, remote attacker to upload a document containing malicious serialized objects and cause...

7.2CVSS7.3AI score0.00695EPSS
CVE
CVE
added 2016/07/02 2:0 p.m.53 views

CVE-2016-1408

Cisco Prime Infrastructure (PI) versions 1.2–3.1 and EPNM versions 1.2–2.0 expose a web-UI vulnerability that allows an authenticated, remote attacker to upload arbitrary files and execute commands via a crafted HTTP request. The root cause is incomplete input validation in the web interface. Imp...

8.8CVSS8.7AI score0.0249EPSS
CVE
CVE
added 2016/10/27 9:0 p.m.50 views

CVE-2016-6443

CVE-2016-6443 affects Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM) with a SQL database interface vulnerability. The issue is a lack of input validation in SQL queries, allowing an authenticated, remote attacker to execute a subset of arbitrary SQL statements that can...

8.8CVSS8.6AI score0.02975EPSS
CVE
CVE
added 2016/04/06 11:0 p.m.49 views

CVE-2016-1290

The CVE-2016-1290 issue affects Cisco Prime Infrastructure 1.2.0–2.2(2) and Cisco EPNM 1.2. The vulnerability stems from the web API allowing an authenticated remote user to bypass RBAC via an HTTP request that does not conform to a pattern filter, enabling elevated privileges (Bug CSCuy10227). P...

8.1CVSS7.8AI score0.01493EPSS
CVE
CVE
added 2025/07/16 4:16 p.m.41 views

CVE-2025-20272

CVE-2025-20272 : Affects a subset of REST APIs in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). An authenticated, low-privilege remote attacker could exploit insufficient input validation to perform a blind SQL injection, potentially viewing data from database ...

4.3CVSS7.1AI score0.00292EPSS
CVE
CVE
added 2025/09/03 5:39 p.m.26 views

CVE-2025-20270

CVE-2025-20270 affects Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. The issue is an information disclosure caused by improper validation of API endpoint requests in the web-based management interface. An authenticated, low-privileged user could remotely exploi...

6.5CVSS5.9AI score0.00287EPSS
CVE
CVE
added 2025/09/03 5:40 p.m.26 views

CVE-2025-20287

Cisco EPNM Arbitrary File Upload (CVE-2025-20287) affects the web-based management interface of Cisco Evolved Programmable Network Manager. Root cause: improper validation of uploaded files via a specific API endpoint, allowing an authenticated attacker with valid Config Managers credentials to u...

8.8CVSS6.6AI score0.00295EPSS
CVE
CVE
added 2025/08/20 4:26 p.m.24 views

CVE-2025-20269

The CVE-2025-20269 issue affects Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces. Root cause: insufficient input validation for specific HTTP requests, enabling an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the device’s file system. I...

6.5CVSS6.8AI score0.00386EPSS
CVE
CVE
added 2025/09/03 5:40 p.m.23 views

CVE-2025-20280

The CVE-2025-20280 issue affects Cisco EPNM and Cisco Prime Infrastructure, where the web-based management interface improperly validates user input, enabling an authenticated, remote attacker with administrative credentials to perform a stored cross-site scripting (XSS) attack against interface ...

4.8CVSS5.6AI score0.00207EPSS
CVE
CVE
added 2026/01/15 4:32 p.m.18 views

CVE-2026-20075

CVE-2026-20075 affects Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces. The root cause is improper validation of user input, enabling a stored cross-site scripting (XSS) vulnerability in data fields. An authenticated, remote attacker with valid admin credentials could in...

4.8CVSS5.8AI score0.00221EPSS
Total number of security vulnerabilities51