Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. This vulnerability allows an authenticated, remote attacker to inject malicious scripts that are executed in the context of the user's browser session. The issue arises because the interface fails to properly validate user input, enabling attackers to exploit specific data fields. To successfully execute this attack, an attacker must have valid administrative credentials.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the affected user interface.

Remediation

Cisco has released software updates to address this vulnerability. Users are advised to upgrade to the fixed releases mentioned in the advisory. For Cisco EPNM, versions 7.1.4.1 and 8.1.2.1 are recommended. For Cisco Prime Infrastructure, version 3.10.6 Security Update 03 is advised. Instructions for obtaining the fixed software are available on the Cisco Support and Downloads page.