What is CVE-2023-20271?

CVE-2023-20271 is a medium-severity vulnerability in Cisco Evolved Programmable Network Manager (Epnm), classified under SQL Injection. CVSS score: 6.5/10. Published 2024-01-17.

How severe is CVE-2023-20271?

Medium severity. CVSS v3 base score is 6.5 out of 10.

SQL Injection in Cisco Evolved Programmable Network Manager (Epnm)

CVE-2023-20271

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system…

Vulnerability class: SQL Injection

EPSS: 0.001 (25.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Evolved Programmable Network Manager (Epnm) — versions 1.2.6, 1.2.2, 1.2.3
Cisco Prime Infrastructure — versions 2.0.0, 2.0.10, 2.0.39

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cisco-sa-pi-epnm-wkZJeyeq

Frequently asked questions

What is CVE-2023-20271?: CVE-2023-20271 is a medium-severity vulnerability in Cisco Evolved Programmable Network Manager (Epnm), classified under SQL Injection. CVSS score: 6.5/10. Published 2024-01-17.
How severe is CVE-2023-20271?: Medium severity. CVSS v3 base score is 6.5 out of 10.