Filtered by vendor Cisco
Subscriptions
Filtered by product Evolved Programmable Network Manager
Subscriptions
Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1291 | 2 Cisco, Sun | 3 Evolved Programmable Network Manager, Prime Infrastructure, Opensolaris | 2024-08-05 | N/A |
| Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | ||||
| CVE-2017-6699 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-05 | N/A |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | ||||
| CVE-2017-6662 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-05 | N/A |
| A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. Cisco Bug IDs: CSCvc23894 CSCvc49561. | ||||
| CVE-2017-3884 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-05 | N/A |
| A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). | ||||
| CVE-2021-44228 | 13 Apache, Apple, Bentley and 10 more | 167 Log4j, Xcode, Synchro and 164 more | 2024-08-04 | 10.0 Critical |
| Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | ||||
| CVE-2023-20271 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. | ||||
| CVE-2023-20260 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 6 Medium |
| A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system. | ||||
| CVE-2023-20257 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application. | ||||
| CVE-2023-20258 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands. | ||||
| CVE-2023-20201 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 4.8 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. | ||||
| CVE-2023-20222 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2023-20203 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 5.4 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. | ||||
| CVE-2023-20205 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 5.4 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. | ||||
| CVE-2023-20131 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-20130 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-20121 | 1 Cisco | 3 Evolved Programmable Network Manager, Identity Services Engine, Prime Infrastructure | 2024-08-02 | 6 Medium |
| Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-20129 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-20069 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-08-02 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. | ||||