CVE-2023-20271

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*

History

24 Jan 2024, 18:16

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*
cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-89
First Time Cisco prime Infrastructure
Cisco
Cisco evolved Programmable Network Manager

17 Jan 2024, 17:35

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-17 17:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-20271

Mitre link : CVE-2023-20271

CVE.ORG link : CVE-2023-20271


JSON object : View

Products Affected

cisco

  • evolved_programmable_network_manager
  • prime_infrastructure
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')