6.1
CVE-2026-20123
- EPSS 0.18%
- Veröffentlicht 04.02.2026 16:11:56
- Zuletzt bearbeitet 29.06.2026 17:13:22
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Evolved Programmable Network Manager Version < 8.1.1
Cisco ≫ Prime Infrastructure Update- Version < 3.10.6
Cisco ≫ Prime Infrastructure Version3.10.6 Update-
Cisco ≫ Prime Infrastructure Version3.10.6 Updatesecurity_update_01
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.077 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| psirt@cisco.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN