VDB
CVE-2026-20123
CVE-2026-20123
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
EPSS 0.03% · 9.3th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
0.03%
9.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Prime Infrastructure | 3.10.0, 3.10.2, 3.10.3 |
| cisco | prime_infrastructure | 3.10, 3.10.6, 0 |
| Cisco | Cisco Evolved Programmable Network Manager (EPNM) | 8.0.1.1, 7.1.1, 7.1.2.1 |
| cisco | evolved_programmable_network_manager | 0, 0 |
Exploit Intelligence
Timeline
- Feb 4, 2026 CVE Published
- Feb 4, 2026 CVE Updated
- Feb 5, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 23, 2026 EPSS Score
- Feb 25, 2026 EPSS Score