Volerion logoVolerion
Volerion logoVolerion

Cisco Prime Infrastructure Log File Download Vulnerability Allowing Unauthorized Access to Sensitive Information

Vulnerability

A vulnerability exists in the log file download feature of Cisco Prime Infrastructure. It allows authenticated, remote attackers to download arbitrary log files from the server. This issue arises from inadequate authorization checks on the download service API. Exploitation involves sending a crafted URL request to the affected device. Successful exploitation could lead to the unauthorized download of sensitive log files. At the time of publication, this vulnerability affects all Cisco Prime Infrastructure releases through 3.10, with the exception of Cisco Evolved Programmable Network Manager.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive log files on the server.

Remediation

Users can upgrade to Cisco Prime Infrastructure 3.10.6 Security Update 3 to address this vulnerability. For versions 3.9 and earlier, migrating to a fixed release is recommended.

Added: May 6, 2026, 6:42 PM
Updated: May 6, 2026, 6:42 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
2.5
exploitability
4.9
remediation
7.7
relevance
7.6
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.