CVE-2026-20123
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This is due to improper input validation of HTTP request parameters.
Risk Assessment
An attacker could intercept and modify an HTTP request from a user, potentially redirecting them to a malicious page, which could lead to data theft or malware installation.
Recommendation
Apply the patches provided by Cisco for EPNM and Prime Infrastructure immediately, and implement HTTP traffic filtering mechanisms to mitigate the risk.
Original NVD description (English source)
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

