Description
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server.

This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access.
To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.
Published: 2026-05-06
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the download service API of Cisco Prime Infrastructure allows an authenticated, remote attacker to request any log file from the server. The root cause is insufficient authorization checks on the API, meaning that users who normally do not have permission to view certain logs can retrieve them by crafting a URL. The resulting information disclosure could reveal sensitive operational data, audit trails, or configuration details that support further attacks but does not provide direct code execution or remote access. Severity is classified as moderate with a CVSS score of 4.3.

Affected Systems

The vulnerability affects Cisco Prime Infrastructure. No specific product version ranges are listed in the advisory, so all deployed instances are potentially exposed until a fixed release is applied.

Risk and Exploitability

The CVSS score indicates a moderate threat level. Because the EPSS score is not available this analysis cannot quantify how often exploitation is attempted currently, and the vulnerability is not listed in CISA’s KEV catalog. Attackers must first obtain valid credentials to the web‑based management interface; thereafter they can submit a crafted request to download arbitrary logs. The lack of broader exploitation data suggests that the vulnerability’s impact will largely depend on the strength of authentication controls and network perimeter protection.

Generated by OpenCVE AI on May 6, 2026 at 17:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Cisco Prime Infrastructure update that addresses the download authorization issue
  • Restrict network access to the web‑based management interface using firewalls or VLANs so that only trusted administrators can reach it
  • Disable or tightly limit the log‑download functionality if it is not required by normal operations

Generated by OpenCVE AI on May 6, 2026 at 17:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco prime Infrastructure
Vendors & Products Cisco
Cisco prime Infrastructure

Wed, 06 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an&nbsp;authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.
Title Cisco Prime Infrastructure Information Disclosure Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Cisco Prime Infrastructure
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-05-06T17:48:19.143Z

Reserved: 2025-10-08T11:59:15.395Z

Link: CVE-2026-20189

cve-icon Vulnrichment

Updated: 2026-05-06T17:46:09.615Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T17:16:21.360

Modified: 2026-05-06T18:59:53.230

Link: CVE-2026-20189

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T20:15:15Z

Weaknesses