CVE-2023-20271

CWE-89SQL InjectionCWE-284Improper Access ControlCWE-804 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 74.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Evolved Programmable Network ManagerCisco Prime InfrastructureCisco Cisco Evolved Programmable Network Manager (epnm)+1 more
Timeline
PublishedJan 17

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5cisco/cisco_prime_infrastructure143 versions+142

🔴Vulnerability Details

2
CVEList
CVE-2023-20271: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow2024-01-17
GHSA
GHSA-rpqp-hf76-rjpp: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow2024-01-17

📋Vendor Advisories

1
Cisco
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities2024-01-10
CVE-2023-20271 (MEDIUM CVSS 6.5) | A vulnerability in the web-based ma | cvebase.io