Cisco Evolved Programmable Network Manager
cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*
- <= 8.0
- = 8.1
A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM). It allows an authenticated, remote attacker with low privileges to access sensitive information they are not authorized to see. This issue arises from improper authorization checks on a REST API endpoint. Exploiting this vulnerability could enable an attacker to view session information of active Cisco EPNM users, including those with administrative rights, potentially leading to a compromise of the affected device.
Exploitation of this vulnerability could allow an attacker to access sensitive session information of Cisco EPNM users, including administrators, which could result in compromising the affected device.
Cisco has released software updates to address this vulnerability. Users are advised to upgrade to the fixed releases mentioned in the advisory. For guidance on obtaining the fixed software, refer to the Cisco Support and Downloads page or contact the Cisco Technical Assistance Center (TAC).