CVE-2023-20129 MEDIUM

CVE-2023-20129: Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities

Vendor Cisco

Product Cisco Prime Infrastructure

Weakness CWE-27

Published April 5, 2023

Last update October 25, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.

Key dates

02Disclosure timeline

April 5, 2023 CVE published

October 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-20129 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/27.html

Related vulnerabilities

CVE-2023-20129: Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE