CVE-2023-20203

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Jan 25, 2024
CWE ID 79

Summary

CVE-2023-20203 refers to multiple vulnerabilities in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). These issues enable authenticated, remote attackers to execute stored cross-site scripting (XSS) attacks against users of the affected devices. The vulnerabilities stem from insufficient input validation, allowing malicious HTML or script content to be injected. Successful exploitation could result in the execution of arbitrary script code or access to sensitive browser-based information. To exploit these vulnerabilities, an attacker must possess valid credentials to access the web-based management interface of the targeted device.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco Prime Infrastructure
  • Cisco Evolved Programmable Network Manager

Affected Vendors

  • Cisco Systems Inc