A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Cisco
  • Prime Infrastructure
  • Evolved Programmable Network Manager

Configuration 1 [-]

OR cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-storedxss-tTjO62r Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2023-08-16T21:39:30.076Z

Updated: 2024-01-25T16:58:24.048Z

Reserved: 2022-10-27T18:47:50.368Z

Link: CVE-2023-20222

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-08-16T22:15:11.757

Modified: 2024-01-25T17:15:38.340

Link: CVE-2023-20222

JSON object: View

cve-icon Redhat Information

No data.

CWE