CVE-2023-20203
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-20203 refers to multiple vulnerabilities in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). These issues enable authenticated, remote attackers to execute stored cross-site scripting (XSS) attacks against users of the affected devices. The vulnerabilities stem from insufficient input validation, allowing malicious HTML or script content to be injected. Successful exploitation could result in the execution of arbitrary script code or access to sensitive browser-based information. To exploit these vulnerabilities, an attacker must possess valid credentials to access the web-based management interface of the targeted device.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Prime Infrastructure
- Cisco Evolved Programmable Network Manager
Affected Vendors
- Cisco Systems Inc