CVE-2026-20123

{"id": "CVE-2026-20123", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2026-02-04T17:16:14.627", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\nThis vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n basada en web de Cisco Evolved Programmable Network Manager (EPNM) y Cisco Prime Infrastructure podr\u00eda permitir a un atacante remoto no autenticado redirigir a un usuario a una p\u00e1gina web maliciosa.\n\nEsta vulnerabilidad se debe a una validaci\u00f3n de entrada incorrecta de los par\u00e1metros en la solicitud HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad interceptando y modificando una solicitud HTTP de un usuario. Un exploit exitoso podr\u00eda permitir al atacante redirigir al usuario a una p\u00e1gina web maliciosa."}], "lastModified": "2026-03-10T20:13:47.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "317FDB7B-04C7-4754-AC47-05012E5898FF", "versionEndExcluding": "8.1.1"}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FE6C1B6-F6DE-45A5-908A-8ADA588DDA52", "versionEndIncluding": "3.9"}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FBEDB40-E752-4649-8E93-1C281921581D", "versionEndIncluding": "3.10.6", "versionStartIncluding": "3.10"}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.6:update01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30799703-8281-4463-AD55-17A166C5640E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}