Lucene search
K
CiscoPrime Infrastructure

89 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5305 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2019/05/16 1:10 a.m.226 views

CVE-2019-1821

CVE-2019-1821 affects Cisco Prime Infrastructure (PI) / Evolved Programmable Network Manager (EPNM) Health Monitor HA components. The issue is a TarArchive Directory Traversal in the Health Monitor’s upload path that allows a remote attacker to trigger arbitrary commands via the UploadServlet (th...

10CVSS8.2AI score0.98092EPSS
In wildWeb
CVE
CVE
added 2019/06/20 3:10 a.m.204 views

CVE-2019-1906

CVE-2019-1906 affects Cisco Prime Infrastructure Virtual Domain Privilege Escalation. Affected versions (per self-reported data) include 2.2(2.0.78) prior to 3.1(2.0.0) or 3.5(0.0) prior to 3.5(1); the vulnerability stems from improper validation of API requests in the Virtual Domain system. An a...

6.5CVSS5.5AI score0.01274EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.122 views

CVE-2023-20068

CVE-2023-20068 concerns Cisco Prime Infrastructure Software. The vulnerability is a reflected XSS in the web-based management interface caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link, potentially executing ar...

6.1CVSS6AI score0.0047EPSS
CVE
CVE
added 2024/11/15 3:36 p.m.105 views

CVE-2022-20656

CVE-2022-20656 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM). The issue is in the web-based management interface where insufficient input validation of the HTTPS URL allows an authenticated, remote attacker to perform a path traversal attack, potent...

6.5CVSS6.6AI score0.01649EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.96 views

CVE-2018-15379

Cisco Prime Infrastructure (PI) HTTP web server contains an arbitrary file upload flaw due to incorrect permissions on important directories. An unauthenticated, remote attacker can upload a file via TFTP and, depending on the system, execute commands with the prime user (no admin/root). Attack d...

9.8CVSS9.7AI score0.86221EPSS
CVE
CVE
added 2021/05/22 6:45 a.m.94 views

CVE-2021-1487

Cisco CVE-2021-1487 affects Cisco Prime Infrastructure and Cisco EPN Manager. The web-based management interface fails to sufficiently validate user input, enabling an authenticated remote attacker to inject commands and execute them on the underlying OS with the permissions of a non-root user. I...

9CVSS9.1AI score0.02115EPSS
CVE
CVE
added 2021/05/22 6:40 a.m.91 views

CVE-2021-1306

CVE-2021-1306 is a local file inclusion vulnerability in the restricted shell of Cisco EPN Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. An authenticated shell user can exploit improper validation of CLI parameters to identify directories and write arbitrary files...

4.4CVSS4.4AI score0.00212EPSS
CVE
CVE
added 2024/11/15 3:39 p.m.91 views

CVE-2022-20657

The CVE-2022-20657 issue affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) where the web-based management interface does not adequately validate user input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. An ...

6.1CVSS6.4AI score0.00496EPSS
CVE
CVE
added 2022/02/17 3:0 p.m.88 views

CVE-2022-20659

Cisco Prime Infrastructure and Cisco EPN Manager contain a cross-site scripting (XSS) vulnerability in the web-based management interface caused by improper input validation. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially executing arbitrary script co...

6.1CVSS6.1AI score0.01233EPSS
CVE
CVE
added 2017/07/04 12:0 a.m.85 views

CVE-2017-6725

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability (CVE-2017-6725) affects Cisco Prime Infrastructure’s web interface. The issue arises in the web framework code where insufficient input validation allows an unauthenticated, remote attacker to perform an XSS against ...

6.1CVSS5.9AI score0.0128EPSS
CVE
CVE
added 2019/11/26 3:11 a.m.85 views

CVE-2019-15958

CVE-2019-15958 affects Cisco Prime Infrastructure (PI) and Cisco EPNM. A REST API input-validation flaw during High Availability (HA) configuration/registration allows an unauthenticated remote attacker to upload a malicious file and execute arbitrary code with root privileges on the underlying O...

10CVSS8.9AI score0.03286EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.84 views

CVE-2023-20069

Cisco CVE-2023-20069 affects the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPN Manager. The vulnerability is due to insufficient validation of user-supplied input, enabling authenticated users to lure others into a crafted link that could trigger stored XSS in the af...

5.4CVSS5.2AI score0.0045EPSS
CVE
CVE
added 2026/05/06 4:15 p.m.84 views

CVE-2026-20189

Cisco Prime Infrastructure contains an information disclosure vulnerability in the log file download functionality. The issue arises from insufficient authorization checks on the download service API. An attacker with valid credentials to the web interface can craft a URL request to download arbi...

4.3CVSS6AI score0.00214EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.83 views

CVE-2023-20121

CVE-2023-20121 covers multiple vulnerabilities in the restricted shell of Cisco EPNM, Cisco ISE, and Cisco Prime Infrastructure. The issue arises from improper validation of parameters in a CLI command within the restricted shell, enabling an authenticated, local attacker to escape the restricted...

6.7CVSS6.5AI score0.00201EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.80 views

CVE-2019-1819

CVE-2019-1819 affects Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. The root cause is improper sanitization of user-supplied input in HTTP request parameters that describe filenames, enabling authenticated remote attackers to perform directory traversal and vie...

6.5CVSS6.3AI score0.13856EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.77 views

CVE-2023-20127

Cisco CVE-2023-20127 affects the web-based management interfaces of Prime Infrastructure and EPNM. The issue involves information disclosure and cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities in the web UI, stemming from insufficient input validation and CSRF pro...

6.5CVSS6.5AI score0.00917EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.76 views

CVE-2019-1818

CVE-2019-1818 describes a directory-traversal vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. It arises from improper sanitization of filenames in HTTP request parameters, allowing an authenticated remote attacker to submit a path to a restricted...

6.5CVSS6.3AI score0.13856EPSS
CVE
CVE
added 2023/08/16 9:39 p.m.75 views

CVE-2023-20222

CVE-2023-20222 concerns Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by injecting malicious code into int...

6.1CVSS5.9AI score0.00375EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.74 views

CVE-2019-1820

CVE-2019-1820 affects Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. The root cause is improper sanitization of user-supplied input in HTTP request parameters that describe filenames, enabling directory-traversal attacks. An authenticated, remote attacker could ...

6.5CVSS6.3AI score0.13856EPSS
CVE
CVE
added 2016/07/07 2:0 p.m.73 views

CVE-2016-1442

CVE-2016-1442 affects Cisco Prime Infrastructure (PI) administrative web interface prior to version 3.1.1. The issue allows remote authenticated users to execute arbitrary commands via crafted field values (Bug CSCuy96280). Severity is high (NVD CVSSv3 base score 8.8; CVSSv2 9.0). Exploitation de...

9CVSS8.7AI score0.03204EPSS
CVE
CVE
added 2017/07/04 12:0 a.m.72 views

CVE-2017-6699

CVE-2017-6699 affects Cisco Prime Infrastructure (PI) and EPNM web-based management interfaces. Affected component: JSP-based web UI; root cause: insufficient validation of user-supplied input, enabling a remote, unauthenticated attacker to trigger a reflected cross-site scripting (XSS) attack by...

6.1CVSS5.9AI score0.0128EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.71 views

CVE-2019-1824

CVE-2019-1824 affects Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager. The web-based management interface is vulnerable to SQL injection due to improper validation of user-supplied input in SQL queries. An authenticated, remote attacker can send a crafted HTTP reque...

8.1CVSS8.3AI score0.01901EPSS
CVE
CVE
added 2023/08/16 9:38 p.m.69 views

CVE-2023-20205

Cisco CVE-2023-20205 covers multiple stored XSS vulnerabilities in the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPNM. Root cause: insufficient validation of user-supplied input in the interface, exploitable when an authenticated user with valid credentials views a c...

5.4CVSS5.1AI score0.00358EPSS
CVE
CVE
added 2024/01/17 4:55 p.m.69 views

CVE-2023-20257

CVE-2023-20257 affects Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. The flaw stems from improper validation of user-supplied input, allowing an authenticated, remote attacker to submit malicious content that is stored and can trigger cross-site scripting against othe...

4.8CVSS5.4AI score0.00358EPSS
CVE
CVE
added 2017/07/04 12:0 a.m.68 views

CVE-2017-6700

CVE-2017-6700 is a DOM-based XSS vulnerability in Cisco Prime Infrastructure (PI) and EPNM web interfaces. An unauthenticated, remote attacker could lure a user to click a crafted link, causing arbitrary script execution in the user’s browser context. Affected releases include PI/EPNM 3.1(1) and ...

6.1CVSS5.9AI score0.0128EPSS
CVE
CVE
added 2020/06/03 5:56 p.m.68 views

CVE-2020-3339

CVE-2020-3339 affects Cisco Prime Infrastructure (web-based management interface). The issue is an SQL injection caused by improper validation of user-submitted parameters, exploitable by an authenticated, remote attacker who can send crafted requests to obtain or modify data in the underlying da...

6.4CVSS5.6AI score0.01143EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.67 views

CVE-2019-1822

Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager contain CVE-2019-1822, a vulnerability in the web-based management interface that allows an authenticated remote attacker to execute code with root privileges. The issue arises from improper validation of user-su...

9CVSS7.2AI score0.04415EPSS
CVE
CVE
added 2019/05/16 1:10 a.m.67 views

CVE-2019-1823

CVE-2019-1823 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interface. The issue allows an authenticated, remote attacker to execute code with root-level privileges on the underlying OS by uploading a crafted file via the adminis...

9CVSS7.2AI score0.04415EPSS
CVE
CVE
added 2023/08/16 9:38 p.m.67 views

CVE-2023-20203

The CVE-2023-20203 entry describes stored Cross-Site Scripting (XSS) vulnerabilities in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) web-based management interfaces. Root cause: insufficient validation of user-supplied input, enabling an authenticated, remote a...

5.4CVSS5.1AI score0.00358EPSS
CVE
CVE
added 2018/01/18 6:0 a.m.66 views

CVE-2018-0097

CVE-2018-0097 affects Cisco Prime Infrastructure web interface. An unauthenticated remote attacker could exploit improper input validation to cause the app to redirect users to a malicious URL (open redirect). Connected sources confirm the vulnerability in the web interface and cite the Cisco adv...

6.1CVSS6.2AI score0.01215EPSS
CVE
CVE
added 2019/01/10 5:0 p.m.66 views

CVE-2018-0482

Cisco Prime Network Control System (NCS) web-based management interface contains a stored XSS vulnerability due to insufficient validation of user-supplied input. An authenticated, remote attacker could lure a user into clicking a malicious link, causing arbitrary script execution in the web inte...

5.4CVSS5.2AI score0.00876EPSS
CVE
CVE
added 2019/01/10 7:0 p.m.66 views

CVE-2018-15457

CVE-2018-15457 affects Cisco Prime Infrastructure web-based management interface. The vulnerability arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack by convincing a user to click a malicious lin...

6.1CVSS6AI score0.01211EPSS
CVE
CVE
added 2019/10/02 7:6 p.m.66 views

CVE-2019-12712

Cisco Prime Infrastructure is affected by a cross-site scripting (XSS) vulnerability in its web-based management interface. The root cause is insufficient validation of user-supplied input across multiple interface sections, enabling unauthenticated, remote attackers to persuade users to click cr...

6.1CVSS6AI score0.01057EPSS
CVE
CVE
added 2019/02/21 3:0 p.m.66 views

CVE-2019-1659

CVE-2019-1659 describes a certificate-validation flaw in the Cisco Prime Infrastructure (PI) SSL tunnel when the PI server is integrated with Identity Services Engine (ISE). The issue arises from improper validation of the server SSL certificate, enabling an unauthenticated, remote attacker to pe...

7.4CVSS7.2AI score0.00846EPSS
CVE
CVE
added 2025/04/02 4:17 p.m.66 views

CVE-2025-20203

CVE-2025-20203 details (Cisco EPNM and Cisco Prime Infrastructure): A stored XSS vulnerability exists in the web-based management interface due to improper validation of user input. An authenticated attacker with valid admin credentials could inject malicious code into data fields, potentially ex...

4.8CVSS6AI score0.00278EPSS
CVE
CVE
added 2013/05/31 9:0 p.m.65 views

CVE-2013-1247

CVE-2013-1247 affects Cisco Prime Infrastructure; XSS in the wireless configuration module allows an unauthenticated remote attacker to inject scripts via a rogue SSID displayed in the XML windowing table (Bug CSCuf04356). Exploitation requires access to the rogue AP listing; Cisco notes software...

4.3CVSS5.9AI score0.01523EPSS
CVE
CVE
added 2016/03/03 10:0 p.m.65 views

CVE-2016-1358

CVE-2016-1358 affects Cisco Prime Infrastructure versions 2.2, 3.0, and 3.1(0.0). The issue is an XML External Entity (XXE) vulnerability where an XML document containing an external entity declaration and an entity reference can be exploited by an authenticated, remote attacker to read arbitrary...

6.4CVSS6.2AI score0.01293EPSS
CVE
CVE
added 2017/07/04 12:0 a.m.65 views

CVE-2017-6724

CVE-2017-6724 concerns Cisco Prime Infrastructure Web Framework Code, where insufficient input validation allows an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web interface. Affected release noted as 3.1(0.0). The vulnerability is caused ...

6.1CVSS5.9AI score0.0128EPSS
CVE
CVE
added 2018/01/18 6:0 a.m.65 views

CVE-2018-0096

Cisco Prime Infrastructure is affected by an RBAC failure that lets an authenticated remote attacker bypass RBAC and modify a virtual domain, viewing and altering configurations across virtual domains. root cause is improper enforcement of RBAC for virtual domains; exploitation requires an authen...

5.9CVSS6AI score0.0135EPSS
CVE
CVE
added 2021/11/04 3:40 p.m.65 views

CVE-2021-34784

Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) are affected by a stored cross-site scripting (XSS) vulnerability in their web-based management interfaces. The issue arises from improper validation of user-supplied input, allowing an authenticated, remote att...

5.4CVSS5.2AI score0.0058EPSS
CVE
CVE
added 2025/04/02 4:16 p.m.65 views

CVE-2025-20120

CVE-2025-20120 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interfaces of Cisco’s EPNM and Prime Infrastructure. The root cause is insufficient validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to inject mal...

6.1CVSS6AI score0.00301EPSS
CVE
CVE
added 2013/03/07 8:0 p.m.64 views

CVE-2013-1153

Cisco Prime Infrastructure suffers a CSRF vulnerability in its web interface (CVE-2013-1153). An unauthenticated, remote attacker could trick a user into submitting arbitrary requests to the device with the user’s privileges. Cisco’s advisory notes that software updates are not available to remed...

6.8CVSS7.4AI score0.00576EPSS
CVE
CVE
added 2018/05/02 10:0 p.m.64 views

CVE-2018-0258

Cisco CVE-2018-0258 affects Cisco Prime Data Center Network Manager (DCNM) and Prime Infrastructure (PI) via the Prime File Upload servlet. The vulnerability arises from improper input validation in the XmpFileUploadServlet, enabling path traversal to upload a JSP file and execute it remotely. An...

10CVSS9.4AI score0.49431EPSS
CVE
CVE
added 2017/04/20 10:0 p.m.63 views

CVE-2017-6611

CVE-2017-6611 affects Cisco Prime Infrastructure 2.2(2). The root cause is insufficient input validation in the web framework code, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack on users of the web interface. Exploitation could allow execution of arbi...

6.1CVSS6AI score0.01171EPSS
CVE
CVE
added 2017/07/04 12:0 a.m.63 views

CVE-2017-6698

CVE-2017-6698 describes a SQL injection due to inadequate input validation in Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface. An authenticated, remote attacker can send crafted URLs to execute arbitrary SQL queries, compromising confidential...

5.5CVSS5.8AI score0.00938EPSS
CVE
CVE
added 2024/11/06 4:30 p.m.63 views

CVE-2024-20514

Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces are affected by a stored cross-site scripting (XSS) vulnerability that arises from improper input validation. An authenticated, low-privileged attacker could inject malicious code via a targeted page, enabling execution of ...

5.4CVSS5.3AI score0.0027EPSS
CVE
CVE
added 2016/05/25 1:0 a.m.62 views

CVE-2016-1406

CVE-2016-1406 affects Cisco Prime Infrastructure before 3.1 and Cisco EPNM before 1.2.4. The vulnerability stems from incorrect RBAC evaluation in the API web interface, allowing remote authenticated users to bypass restrictions via crafted JSON data and obtain sensitive information, potentially ...

8.8CVSS8.3AI score0.0162EPSS
CVE
CVE
added 2016/08/08 12:0 a.m.62 views

CVE-2016-1474

CVE-2016-1474 affects Cisco Prime Infrastructure 2.2(2). The vulnerability is a cross-frame scripting (XFS) issue caused by insufficient iframe protections, enabling an unauthenticated, remote attacker to perform clickjacking and related client-side attacks via a crafted page. The issue is docume...

4.3CVSS4.7AI score0.01348EPSS
CVE
CVE
added 2017/04/07 5:0 p.m.62 views

CVE-2017-3848

CVE-2017-3848 affects Cisco Prime Infrastructure HTTP web-based management interface. The issue stems from insufficient input validation, enabling an unauthenticated, remote attacker to trigger a cross-site scripting (XSS) vulnerability in the web UI (e.g., via crafted links). Affected release: 2...

6.1CVSS5.9AI score0.01228EPSS
Total number of security vulnerabilities89