Primary

Context

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability

Vulnerability

Patched

A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. It allows an unauthenticated, remote attacker to redirect a user to a malicious web page. This issue arises from improper input validation of parameters in HTTP requests. An attacker could exploit this vulnerability by intercepting and modifying a user's HTTP request, leading to the redirection.

Impact

Exploitation of this vulnerability could result in an open redirect, allowing attackers to send users to malicious websites.

Remediation

Users are advised to upgrade to Cisco EPNM version 8.1.1 or Cisco Prime Infrastructure version 3.10.6 Security Update 2. Instructions for upgrading can be found on the Cisco Support and Downloads page.

Added: Feb 4, 2026, 6:34 PM

Updated: Feb 4, 2026, 6:34 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.2

exploitability

4.2

remediation

7.7

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.2

exploitability

4.2

remediation

7.7

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco Evolved Programmable Network Manager

Cisco Prime Infrastructure

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating