Cisco Evolved Programmable Network Manager
cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*
- <= 6.1
- <= 7.1
- <= 8.0
A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. This vulnerability allows an authenticated, remote attacker to conduct a stored XSS attack against users of the interface on affected systems. The issue arises because the management interface fails to properly validate user-supplied input. An attacker could exploit this by inserting malicious code into specific data fields, potentially executing arbitrary script code in the context of the affected interface or accessing sensitive browser-based information. Exploitation requires valid administrative credentials.
Successful exploitation allows for stored cross-site scripting, where injected scripts are executed in the context of the user interface, potentially leading to unauthorized access to sensitive information or execution of malicious actions.
Cisco has released software updates to address this vulnerability. For Cisco EPNM, users should upgrade to version 6.1.2.3, 7.1.3.1, or 8.0.0.1. For Cisco Prime Infrastructure, the recommended upgrade is to version 3.10.6.1. Users should consult the Cisco Security Advisories page for the most current information and guidance on upgrading.
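The fixed releases above can drive a quick inventory triage. The following Python is an added example, not Cisco's code or part of the original page; the product keys `epnm` and `prime`, the host names, and the rule that any release below a listed fix needs the upgrade (including Prime Infrastructure, for which the page gives no affected range) are assumptions.

```python
import re

# Fixed releases listed on this page, keyed by product then release train.
# The product keys "epnm" and "prime" are labels chosen for this example.
FIXED = {
    "epnm": {(6, 1): (6, 1, 2, 3), (7, 1): (7, 1, 3, 1), (8, 0): (8, 0, 0, 1)},
    "prime": {(3, 10): (3, 10, 6, 1)},
}


def parse_version(text):
    """Turn '7.1.3' into (7, 1, 3, 0); reject anything but 2-4 dotted numbers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(product, version_text):
    """Return (status, target): status is 'fixed', 'upgrade' or 'unlisted'."""
    version = parse_version(version_text)
    train = version[:2]
    fixed = FIXED[product]
    if train in fixed:
        if version >= fixed[train]:
            return ("fixed", None)
        return ("upgrade", ".".join(map(str, fixed[train])))
    # Assumption: a train older than a listed fix is treated as affected and
    # pointed at the next listed fixed release.
    later = sorted(t for t in fixed if t > train)
    if later:
        return ("upgrade", ".".join(map(str, fixed[later[0]])))
    return ("unlisted", None)  # newer than anything the page covers


def triage_inventory(rows):
    """Map each (host, product, version) row to its triage result."""
    return {host: triage(product, version) for host, product, version in rows}


if __name__ == "__main__":
    # Constructed inventory; host names and versions are made up.
    sample = [
        ("epnm-lab", "epnm", "6.1.2.2"),
        ("epnm-core", "epnm", "7.1.3.1"),
        ("epnm-old", "epnm", "7.0.1"),
        ("pi-branch", "prime", "3.10.6"),
    ]
    for host, result in triage_inventory(sample).items():
        print(host, *result)
```

A result of `unlisted` means the release is newer than anything this page covers and should be checked against the Cisco Security Advisories page.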