Vulnerability in Cisco Evolved Programmable Network Manager (Epnm)
CVE-2022-20656
A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker…
EPSS: 0.002 (38.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Cisco Evolved Programmable Network Manager (Epnm) — versions 3.0.1, 3.1.2, 1.2
- Cisco Prime Infrastructure — versions 3.0.0, 3.1.0, 3.1.5
Weakness classification (CWE)
References
- cisco-sa-pi-epnm-path-trav-zws324yn
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ</a></p><p><strong>Attention</strong>: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see <a href="https://www.cisco.com/c/en/us/products/security/secure-names.html">Meet Cisco Secure
Frequently asked questions
- What is CVE-2022-20656?
- CVE-2022-20656 is a medium-severity vulnerability in Cisco Evolved Programmable Network Manager (Epnm), classified under CWE-24. CVSS score: 6.5/10. Published 2024-11-15.
- How severe is CVE-2022-20656?
- Medium severity. CVSS v3 base score is 6.5 out of 10.