89 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2019-1821
CVE-2019-1821 affects Cisco Prime Infrastructure (PI) / Evolved Programmable Network Manager (EPNM) Health Monitor HA components. The issue is a TarArchive Directory Traversal in the Health Monitor’s upload path that allows a remote attacker to trigger arbitrary commands via the UploadServlet (th...
CVE-2019-1906
CVE-2019-1906 affects Cisco Prime Infrastructure Virtual Domain Privilege Escalation. Affected versions (per self-reported data) include 2.2(2.0.78) prior to 3.1(2.0.0) or 3.5(0.0) prior to 3.5(1); the vulnerability stems from improper validation of API requests in the Virtual Domain system. An a...
CVE-2023-20068
CVE-2023-20068 concerns Cisco Prime Infrastructure Software. The vulnerability is a reflected XSS in the web-based management interface caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link, potentially executing ar...
CVE-2022-20656
CVE-2022-20656 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM). The issue is in the web-based management interface where insufficient input validation of the HTTPS URL allows an authenticated, remote attacker to perform a path traversal attack, potent...
CVE-2018-15379
Cisco Prime Infrastructure (PI) HTTP web server contains an arbitrary file upload flaw due to incorrect permissions on important directories. An unauthenticated, remote attacker can upload a file via TFTP and, depending on the system, execute commands with the prime user (no admin/root). Attack d...
CVE-2021-1487
Cisco CVE-2021-1487 affects Cisco Prime Infrastructure and Cisco EPN Manager. The web-based management interface fails to sufficiently validate user input, enabling an authenticated remote attacker to inject commands and execute them on the underlying OS with the permissions of a non-root user. I...
CVE-2021-1306
CVE-2021-1306 is a local file inclusion vulnerability in the restricted shell of Cisco EPN Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. An authenticated shell user can exploit improper validation of CLI parameters to identify directories and write arbitrary files...
CVE-2022-20657
The CVE-2022-20657 issue affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) where the web-based management interface does not adequately validate user input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. An ...
CVE-2022-20659
Cisco Prime Infrastructure and Cisco EPN Manager contain a cross-site scripting (XSS) vulnerability in the web-based management interface caused by improper input validation. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially executing arbitrary script co...
CVE-2017-6725
Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability (CVE-2017-6725) affects Cisco Prime Infrastructure’s web interface. The issue arises in the web framework code where insufficient input validation allows an unauthenticated, remote attacker to perform an XSS against ...
CVE-2019-15958
CVE-2019-15958 affects Cisco Prime Infrastructure (PI) and Cisco EPNM. A REST API input-validation flaw during High Availability (HA) configuration/registration allows an unauthenticated remote attacker to upload a malicious file and execute arbitrary code with root privileges on the underlying O...
CVE-2023-20069
Cisco CVE-2023-20069 affects the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPN Manager. The vulnerability is due to insufficient validation of user-supplied input, enabling authenticated users to lure others into a crafted link that could trigger stored XSS in the af...
CVE-2026-20189
Cisco Prime Infrastructure contains an information disclosure vulnerability in the log file download functionality. The issue arises from insufficient authorization checks on the download service API. An attacker with valid credentials to the web interface can craft a URL request to download arbi...
CVE-2023-20121
CVE-2023-20121 covers multiple vulnerabilities in the restricted shell of Cisco EPNM, Cisco ISE, and Cisco Prime Infrastructure. The issue arises from improper validation of parameters in a CLI command within the restricted shell, enabling an authenticated, local attacker to escape the restricted...
CVE-2019-1819
CVE-2019-1819 affects Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. The root cause is improper sanitization of user-supplied input in HTTP request parameters that describe filenames, enabling authenticated remote attackers to perform directory traversal and vie...
CVE-2023-20127
Cisco CVE-2023-20127 affects the web-based management interfaces of Prime Infrastructure and EPNM. The issue involves information disclosure and cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities in the web UI, stemming from insufficient input validation and CSRF pro...
CVE-2019-1818
CVE-2019-1818 describes a directory-traversal vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. It arises from improper sanitization of filenames in HTTP request parameters, allowing an authenticated remote attacker to submit a path to a restricted...
CVE-2023-20222
CVE-2023-20222 concerns Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by injecting malicious code into int...
CVE-2019-1820
CVE-2019-1820 affects Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. The root cause is improper sanitization of user-supplied input in HTTP request parameters that describe filenames, enabling directory-traversal attacks. An authenticated, remote attacker could ...
CVE-2016-1442
CVE-2016-1442 affects Cisco Prime Infrastructure (PI) administrative web interface prior to version 3.1.1. The issue allows remote authenticated users to execute arbitrary commands via crafted field values (Bug CSCuy96280). Severity is high (NVD CVSSv3 base score 8.8; CVSSv2 9.0). Exploitation de...
CVE-2017-6699
CVE-2017-6699 affects Cisco Prime Infrastructure (PI) and EPNM web-based management interfaces. Affected component: JSP-based web UI; root cause: insufficient validation of user-supplied input, enabling a remote, unauthenticated attacker to trigger a reflected cross-site scripting (XSS) attack by...
CVE-2019-1824
CVE-2019-1824 affects Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager. The web-based management interface is vulnerable to SQL injection due to improper validation of user-supplied input in SQL queries. An authenticated, remote attacker can send a crafted HTTP reque...
CVE-2023-20205
Cisco CVE-2023-20205 covers multiple stored XSS vulnerabilities in the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPNM. Root cause: insufficient validation of user-supplied input in the interface, exploitable when an authenticated user with valid credentials views a c...
CVE-2023-20257
CVE-2023-20257 affects Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. The flaw stems from improper validation of user-supplied input, allowing an authenticated, remote attacker to submit malicious content that is stored and can trigger cross-site scripting against othe...
CVE-2017-6700
CVE-2017-6700 is a DOM-based XSS vulnerability in Cisco Prime Infrastructure (PI) and EPNM web interfaces. An unauthenticated, remote attacker could lure a user to click a crafted link, causing arbitrary script execution in the user’s browser context. Affected releases include PI/EPNM 3.1(1) and ...
CVE-2020-3339
CVE-2020-3339 affects Cisco Prime Infrastructure (web-based management interface). The issue is an SQL injection caused by improper validation of user-submitted parameters, exploitable by an authenticated, remote attacker who can send crafted requests to obtain or modify data in the underlying da...
CVE-2019-1822
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager contain CVE-2019-1822, a vulnerability in the web-based management interface that allows an authenticated remote attacker to execute code with root privileges. The issue arises from improper validation of user-su...
CVE-2019-1823
CVE-2019-1823 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interface. The issue allows an authenticated, remote attacker to execute code with root-level privileges on the underlying OS by uploading a crafted file via the adminis...
CVE-2023-20203
The CVE-2023-20203 entry describes stored Cross-Site Scripting (XSS) vulnerabilities in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) web-based management interfaces. Root cause: insufficient validation of user-supplied input, enabling an authenticated, remote a...
CVE-2018-0097
CVE-2018-0097 affects Cisco Prime Infrastructure web interface. An unauthenticated remote attacker could exploit improper input validation to cause the app to redirect users to a malicious URL (open redirect). Connected sources confirm the vulnerability in the web interface and cite the Cisco adv...
CVE-2018-0482
Cisco Prime Network Control System (NCS) web-based management interface contains a stored XSS vulnerability due to insufficient validation of user-supplied input. An authenticated, remote attacker could lure a user into clicking a malicious link, causing arbitrary script execution in the web inte...
CVE-2018-15457
CVE-2018-15457 affects Cisco Prime Infrastructure web-based management interface. The vulnerability arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack by convincing a user to click a malicious lin...
CVE-2019-12712
Cisco Prime Infrastructure is affected by a cross-site scripting (XSS) vulnerability in its web-based management interface. The root cause is insufficient validation of user-supplied input across multiple interface sections, enabling unauthenticated, remote attackers to persuade users to click cr...
CVE-2019-1659
CVE-2019-1659 describes a certificate-validation flaw in the Cisco Prime Infrastructure (PI) SSL tunnel when the PI server is integrated with Identity Services Engine (ISE). The issue arises from improper validation of the server SSL certificate, enabling an unauthenticated, remote attacker to pe...
CVE-2025-20203
CVE-2025-20203 details (Cisco EPNM and Cisco Prime Infrastructure): A stored XSS vulnerability exists in the web-based management interface due to improper validation of user input. An authenticated attacker with valid admin credentials could inject malicious code into data fields, potentially ex...
CVE-2013-1247
CVE-2013-1247 affects Cisco Prime Infrastructure; XSS in the wireless configuration module allows an unauthenticated remote attacker to inject scripts via a rogue SSID displayed in the XML windowing table (Bug CSCuf04356). Exploitation requires access to the rogue AP listing; Cisco notes software...
CVE-2016-1358
CVE-2016-1358 affects Cisco Prime Infrastructure versions 2.2, 3.0, and 3.1(0.0). The issue is an XML External Entity (XXE) vulnerability where an XML document containing an external entity declaration and an entity reference can be exploited by an authenticated, remote attacker to read arbitrary...
CVE-2017-6724
CVE-2017-6724 concerns Cisco Prime Infrastructure Web Framework Code, where insufficient input validation allows an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web interface. Affected release noted as 3.1(0.0). The vulnerability is caused ...
CVE-2018-0096
Cisco Prime Infrastructure is affected by an RBAC failure that lets an authenticated remote attacker bypass RBAC and modify a virtual domain, viewing and altering configurations across virtual domains. root cause is improper enforcement of RBAC for virtual domains; exploitation requires an authen...
CVE-2021-34784
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) are affected by a stored cross-site scripting (XSS) vulnerability in their web-based management interfaces. The issue arises from improper validation of user-supplied input, allowing an authenticated, remote att...
CVE-2025-20120
CVE-2025-20120 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interfaces of Cisco’s EPNM and Prime Infrastructure. The root cause is insufficient validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to inject mal...
CVE-2013-1153
Cisco Prime Infrastructure suffers a CSRF vulnerability in its web interface (CVE-2013-1153). An unauthenticated, remote attacker could trick a user into submitting arbitrary requests to the device with the user’s privileges. Cisco’s advisory notes that software updates are not available to remed...
CVE-2018-0258
Cisco CVE-2018-0258 affects Cisco Prime Data Center Network Manager (DCNM) and Prime Infrastructure (PI) via the Prime File Upload servlet. The vulnerability arises from improper input validation in the XmpFileUploadServlet, enabling path traversal to upload a JSP file and execute it remotely. An...
CVE-2017-6611
CVE-2017-6611 affects Cisco Prime Infrastructure 2.2(2). The root cause is insufficient input validation in the web framework code, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack on users of the web interface. Exploitation could allow execution of arbi...
CVE-2017-6698
CVE-2017-6698 describes a SQL injection due to inadequate input validation in Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface. An authenticated, remote attacker can send crafted URLs to execute arbitrary SQL queries, compromising confidential...
CVE-2024-20514
Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces are affected by a stored cross-site scripting (XSS) vulnerability that arises from improper input validation. An authenticated, low-privileged attacker could inject malicious code via a targeted page, enabling execution of ...
CVE-2016-1406
CVE-2016-1406 affects Cisco Prime Infrastructure before 3.1 and Cisco EPNM before 1.2.4. The vulnerability stems from incorrect RBAC evaluation in the API web interface, allowing remote authenticated users to bypass restrictions via crafted JSON data and obtain sensitive information, potentially ...
CVE-2016-1474
CVE-2016-1474 affects Cisco Prime Infrastructure 2.2(2). The vulnerability is a cross-frame scripting (XFS) issue caused by insufficient iframe protections, enabling an unauthenticated, remote attacker to perform clickjacking and related client-side attacks via a crafted page. The issue is docume...
CVE-2017-3848
CVE-2017-3848 affects Cisco Prime Infrastructure HTTP web-based management interface. The issue stems from insufficient input validation, enabling an unauthenticated, remote attacker to trigger a cross-site scripting (XSS) vulnerability in the web UI (e.g., via crafted links). Affected release: 2...