CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34707 – Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34707
04 Aug 2021 — A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the applicat... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1487 – Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1487
22 May 2021 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary comma... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1306 – Cisco ADE-OS Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2021-1306
22 May 2021 — A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A suc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15958 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-15958
26 Nov 2019 — A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registrati... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1818 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-1818
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired fi... • http://www.securityfocus.com/bid/108352 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1819 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-1819
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired fi... • http://www.securityfocus.com/bid/108351 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1820 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-1820
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired fi... • http://www.securityfocus.com/bid/108345 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 97%CPEs: 3EXPL: 4CVE-2019-1821 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1821
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker... • https://packetstorm.news/files/id/153350 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1822 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1822
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker... • http://www.securityfocus.com/bid/108339 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1823 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1823
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker... • http://www.securityfocus.com/bid/108339 • CWE-20: Improper Input Validation •