CVE-2026-20123

EPSS -
Veröffentlicht 04.02.2026 16:11:56
Zuletzt bearbeitet 04.02.2026 17:16:14
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco Evolved Programmable Network Manager (EPNM)

Default Statusunknown

Version 7.1.1

Status affected

Version 7.1.2.1

Status affected

Version 7.1.3

Status affected

Version 7.1.2

Status affected

Version 7.1.0

Status affected

Version 8.0.0

Status affected

Version 8.0.0.1

Status affected

Version 7.1.3.1

Status affected

Version 7.1.4

Status affected

Version 8.1.0

Status affected

Version 8.0.1

Status affected

Version 7.1.4.1

Status affected

Version 8.0.1.1

Status affected

HerstellerCisco

≫

Produkt Cisco Prime Infrastructure

Default Statusunknown

Version 3.10.0

Status affected

Version 3.10.2

Status affected

Version 3.10.3

Status affected

Version 3.10

Status affected

Version 3.10.1

Status affected

Version 3.10 Update 01

Status affected

Version 3.10.4

Status affected

Version 3.10.4 Update 01

Status affected

Version 3.10.4 Update 02

Status affected

Version 3.10.4 Update 03

Status affected

Version 3.10.5

Status affected

Version 3.10.6

Status affected

Version 3.10.6 Update 01

Status affected

Version 3.10.6 Security Update 03

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN

https://nvd.nist.gov/vuln/detail/CVE-2026-20123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20123

EUVD