NewsSecurity Vulnerabilities

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability (CVE-2026-20123)

CVE number = CVE-2026-20123

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user.

A successful exploit could allow the attacker to redirect the user to a malicious web page.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.

Cisco EPNM ReleaseFirst Fixed Release
8.0 and earlierMigrate to a fixed release.
8.18.1.1
Cisco Prime Infrastructure ReleaseFirst Fixed Release
3.9 and earlierMigrate to a fixed release.
3.103.10.6 Security Update 2

The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.