6.1
CVE-2026-20123
- EPSS 0.03%
- Veröffentlicht 04.02.2026 16:11:56
- Zuletzt bearbeitet 10.03.2026 20:13:47
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Evolved Programmable Network Manager Version < 8.1.1
Cisco ≫ Prime Infrastructure Version <= 3.9
Cisco ≫ Prime Infrastructure Version >= 3.10 <= 3.10.6
Cisco ≫ Prime Infrastructure Version3.10.6 Updateupdate01
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.088 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| psirt@cisco.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.