Prime Infrastructure@2.2 Security Vulnerabilities and Issues — Prime Infrastructure@2.2 CVE List

Lucene search

CiscoPrime Infrastructure2.2

16 matches found

CVE•added 2024/11/15 4:15 p.m.•79 views

CVE-2022-20656

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due t...

6.5CVSS6.6AI score0.00132EPSS

CVE•added 2024/11/15 4:15 p.m.•72 views

CVE-2022-20657

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.This vulnerability exists because the web-based management interface does not properly vali...

6.1CVSS6.4AI score0.00094EPSS

CVE•added 2016/03/03 10:59 p.m.•55 views

CVE-2016-1358

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID C...

6.4CVSS6.2AI score0.00486EPSS

CVE•added 2016/05/25 1:59 a.m.•52 views

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSC...

8.8CVSS8.3AI score0.00301EPSS

CVE•added 2019/02/21 3:29 p.m.•52 views

CVE-2019-1659

A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due t...

7.4CVSS7.2AI score0.00195EPSS

CVE•added 2017/06/26 7:29 a.m.•48 views

CVE-2017-6662

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker ...

8CVSS7.9AI score0.00946EPSS

CVE•added 2025/04/02 5:15 p.m.•48 views

CVE-2025-20120

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This...

6.1CVSS6AI score0.00016EPSS

CVE•added 2016/04/06 11:59 p.m.•47 views

CVE-2016-1291

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

9.8CVSS9.6AI score0.02322EPSS

CVE•added 2025/04/02 5:15 p.m.•46 views

CVE-2025-20203

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. The vul...

4.8CVSS6AI score0.00028EPSS

CVE•added 2017/04/07 5:59 p.m.•45 views

CVE-2017-3884

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional r...

6.5CVSS6.3AI score0.00231EPSS

CVE•added 2015/10/13 12:59 a.m.•41 views

CVE-2015-6332

Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830.

5CVSS7.4AI score0.00456EPSS

CVE•added 2016/07/02 2:59 p.m.•40 views

CVE-2016-1289

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CS...

10CVSS9.5AI score0.02663EPSS

CVE•added 2016/07/02 2:59 p.m.•39 views

CVE-2016-1408

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

8.8CVSS8.7AI score0.00351EPSS

CVE•added 2016/10/27 9:59 p.m.•38 views

CVE-2016-6443

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva...

8.8CVSS8.6AI score0.0187EPSS

CVE•added 2016/04/06 11:59 p.m.•36 views

CVE-2016-1290

The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.

8.1CVSS7.8AI score0.00165EPSS

CVE•added 2025/07/16 5:15 p.m.•15 views

CVE-2025-20272

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied i...

4.3CVSS7.1AI score0.00041EPSS