Cisco Evolved Programmable Network Manager
Moderate fix1 remedy
cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 8.0
- <= 7.1
- 8.1
Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Sensitive Information Disclosure Vulnerability
Vulnerability
Exploited
Patched
A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. It allows authenticated, low-privileged, remote attackers to retrieve arbitrary files from the underlying file system of affected devices. This issue arises from insufficient input validation of certain HTTP requests, enabling access to sensitive files on the device.
Impact
Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files on the affected device.
Remediation
Cisco has released software updates to address this vulnerability. For Cisco EPNM versions 7.1 and earlier and 8.0, users should migrate to a fixed release. For Cisco EPNM version 8.1, users should update to version 8.1.1. For Cisco Prime Infrastructure versions 3.9 and earlier, users should migrate to a fixed release, and for version 3.10, users should update to 3.10.6 Security Update 02.
Added: Aug 20, 2025, 5:36 PM
Updated: Aug 20, 2025, 5:36 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
2.5exploitability
6.6remediation
7.7relevance
0.4threat
8.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.