CVE-2026-20123

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-20123
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.10.6:update01:*:*:*:*:*:*
History

10 Mar 2026, 20:13

Type Values Removed Values Added
First Time Cisco evolved Programmable Network Manager
Cisco
Cisco prime Infrastructure
CPE cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.10.6:update01:*:*:*:*:*:*
cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN - Vendor Advisory
Summary
  • (es) Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Evolved Programmable Network Manager (EPNM) y Cisco Prime Infrastructure podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web maliciosa. Esta vulnerabilidad se debe a una validación de entrada incorrecta de los parámetros en la solicitud HTTP. Un atacante podría explotar esta vulnerabilidad interceptando y modificando una solicitud HTTP de un usuario. Un exploit exitoso podría permitir al atacante redirigir al usuario a una página web maliciosa.

04 Feb 2026, 17:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-04 17:16

Updated : 2026-03-10 20:13

NVD link : CVE-2026-20123

Mitre link : CVE-2026-20123

CVE.ORG link : CVE-2026-20123

JSON object : View

Products Affected

cisco

  • evolved_programmable_network_manager
  • prime_infrastructure
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')