Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM), allowing authenticated, remote attackers to upload arbitrary files to affected devices. This issue arises from improper validation of uploaded files. Exploitation involves sending a crafted file upload request to a specific API endpoint. Successful exploitation requires valid Config Managers credentials on the affected device.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads on the affected system.

Remediation

Cisco EPNM releases 8.0 and earlier are vulnerable. Users should upgrade to a fixed release. For guidance on upgrading, consult the Cisco Security Vulnerability Policy or contact the Cisco Technical Assistance Center (TAC).

Added: Sep 3, 2025, 6:26 PM
Updated: Sep 3, 2025, 6:26 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.