Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Cisco has released software updates that address this vulnerability. There ar…
- Scope: At the time of publication, this vulnerability affected Cisco EPNM and Cisco Prime Infrastructure, regardless of device configuration.
- 8.0 and earlier — Migrate to a fixed release
- Release 8.1 (first fixed: 8.1.1)
- 3.9 and earlier — Migrate to a fixed release
- Release 3.10 (first fixed: 3.10.6 Security Update 2)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 8.1.1
- 3.10.6 Security Update 2
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 8.0 and earlier: migrate to a fixed release.
- Release 8.1: upgrade to 8.1.1.
- Release 3.9 and earlier: migrate to a fixed release.
- Release 3.10: upgrade to 3.10.6 Security Update 2.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.