OpenCVE

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Evolved Programmable Network Manager Prime Infrastructure

Configuration 1 [-]

OR	cpe:2.3:a:cisco:prime_infrastructure::::::::
	cpe:2.3:a:cisco:prime_infrastructure::::::::
	cpe:2.3:a:cisco:prime_infrastructure:3.8:::::::*
	cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-::::::
	cpe:2.3:a:cisco:prime_infrastructure:3.9:::::::*
	cpe:2.3:a:cisco:prime_infrastructure:3.9.1:-::::::

Configuration 2 [-]

OR	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe

History

Fri, 25 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-04-05T00:00:00

Updated: 2024-10-25T16:01:07.105Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20130

Vulnrichment

Updated: 2024-08-02T08:57:35.870Z

NVD

Status : Modified

Published: 2023-04-05T18:15:07.803

Modified: 2023-11-07T04:06:08.930

Link: CVE-2023-20130

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20130", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "dateUpdated": "2024-10-25T16:01:07.105Z", "dateReserved": "2022-10-27T00:00:00", "datePublished": "2023-04-05T00:00:00"}, "containers": {"cna": {"title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "datePublic": "2023-04-05T00:00:00", "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-04-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."}], "affected": [{"vendor": "Cisco", "product": "Cisco Prime Infrastructure ", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": ["vendor-advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-27", "cweId": "CWE-27"}]}], "source": {"advisory": "cisco-sa-pi-epnm-eRPWAXLe", "defect": [["CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561"]], "discovery": "INTERNAL"}, "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.870Z"}, "title": "CVE Program Container", "references": [{"name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": ["vendor-advisory", "x_transferred"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-25T14:35:23.838355Z", "id": "CVE-2023-20130", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T16:01:07.105Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20130", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "dateUpdated": "2024-10-25T16:01:07.105Z", "dateReserved": "2022-10-27T00:00:00", "datePublished": "2023-04-05T00:00:00"}, "containers": {"cna": {"title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "datePublic": "2023-04-05T00:00:00", "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-04-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."}], "affected": [{"vendor": "Cisco", "product": "Cisco Prime Infrastructure ", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": ["vendor-advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-27", "cweId": "CWE-27"}]}], "source": {"advisory": "cisco-sa-pi-epnm-eRPWAXLe", "defect": [["CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561"]], "discovery": "INTERNAL"}, "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.870Z"}, "title": "CVE Program Container", "references": [{"name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": ["vendor-advisory", "x_transferred"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20130", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-25T14:35:23.838355Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:40:38.808Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A1E29E3-1327-4E6B-B068-7B5289A4F0A7", "versionEndIncluding": "3.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "612F8E5C-6C18-4DE8-A548-8F24A5B10948", "versionEndExcluding": "3.10.2", "versionStartIncluding": "3.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "932E6B00-78B5-4A0E-B87E-4993D6491C34", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-:*:*:*:*:*:*", "matchCriteriaId": "608240CD-CD6C-42A3-9590-7F37B35EDC53", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "2A1AA925-3BF0-4D8B-BB39-E6DBBAD2CF8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.9.1:-:*:*:*:*:*:*", "matchCriteriaId": "EA458C15-66E7-4976-8805-A10608BF7C9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFEE5D43-E3D7-463E-A20D-F812E6B3E770", "versionEndExcluding": "5.0.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "80D67146-B941-4FFA-894C-8032E94E0285", "versionEndExcluding": "5.1.4.2", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A644AE0B-420A-4673-B8E5-D41A5FDB2852", "versionEndExcluding": "6.0.2.1", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "93E92BB5-14F3-4B5A-B546-7101E1B77AAC", "versionEndExcluding": "6.1.1.1", "versionStartIncluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."}], "id": "CVE-2023-20130", "lastModified": "2023-11-07T04:06:08.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-04-05T18:15:07.803", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-27"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}