CVE Catalog

CVE-2026-20123

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This is due to improper input validation of HTTP request parameters.

Risk Assessment

An attacker could intercept and modify an HTTP request from a user, potentially redirecting them to a malicious page, which could lead to data theft or malware installation.

Recommendation

Apply the patches provided by Cisco for EPNM and Prime Infrastructure immediately, and implement HTTP traffic filtering mechanisms to mitigate the risk.

Original NVD description (English source)

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS