- Description
- A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\\(4.0.45b\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B1F8D62-E893-4AF6-8195-DFB7810AA6AE"
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\\(4.0.45d\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "408D3C56-EB92-4013-860B-C60AF0D03D39"
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76E28AD8-1C7F-4003-B27C-1F87B988FE03"
},
{
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27F4F1D6-82DA-4675-B734-D9C5371E6654"
},
{
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.1\\(0.128\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F9CC0D0-08A5-45A0-BF1C-2D3E32D49B3E"
},
{
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBD9A93C-FE79-4323-BBF1-F9B2CD559570"
}
],
"operator": "OR"
}
]
}
]