CVE-2023-20131 - Vulnerability Details - OpenCVE

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Evolved Programmable Network Manager Prime Infrastructure

Configuration 1 [-]

OR	cpe:2.3:a:cisco:prime_infrastructure::::::::
	cpe:2.3:a:cisco:prime_infrastructure::::::::
	cpe:2.3:a:cisco:prime_infrastructure:3.8:::::::*
	cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-::::::
	cpe:2.3:a:cisco:prime_infrastructure:3.9:::::::*
	cpe:2.3:a:cisco:prime_infrastructure:3.9.1:-::::::

Configuration 2 [-]

OR	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe

History

Wed, 25 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-04-05T00:00:00.000Z

Updated: 2024-10-25T16:00:51.219Z

Reserved: 2022-10-27T00:00:00.000Z

Link: CVE-2023-20131

Vulnrichment

Updated: 2024-08-02T08:57:36.045Z

NVD

Status : Modified

Published: 2023-04-05T18:15:07.853

Modified: 2024-11-21T07:40:37.737

Link: CVE-2023-20131

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20131", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "dateUpdated": "2024-10-25T16:00:51.219Z", "dateReserved": "2022-10-27T00:00:00.000Z", "datePublished": "2023-04-05T00:00:00.000Z"}, "containers": {"cna": {"title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "datePublic": "2023-04-05T00:00:00.000Z", "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-04-05T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."}], "affected": [{"vendor": "Cisco", "product": "Cisco Prime Infrastructure", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": ["vendor-advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-27", "cweId": "CWE-27"}]}], "source": {"advisory": "cisco-sa-pi-epnm-eRPWAXLe", "defect": [["CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561"]], "discovery": "INTERNAL"}, "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:36.045Z"}, "title": "CVE Program Container", "references": [{"name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": ["vendor-advisory", "x_transferred"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-25T14:35:17.326729Z", "id": "CVE-2023-20131", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T16:00:51.219Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:36.045Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20131", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-25T14:35:17.326729Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:40:37.486Z"}}], "cna": {"title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "source": {"defect": [["CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561"]], "advisory": "cisco-sa-pi-epnm-eRPWAXLe", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Prime Infrastructure", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "datePublic": "2023-04-05T00:00:00.000Z", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-27", "description": "CWE-27"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-04-05T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20131", "state": "PUBLISHED", "dateUpdated": "2024-10-25T16:00:51.219Z", "dateReserved": "2022-10-27T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2023-04-05T00:00:00.000Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A1E29E3-1327-4E6B-B068-7B5289A4F0A7", "versionEndIncluding": "3.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "612F8E5C-6C18-4DE8-A548-8F24A5B10948", "versionEndExcluding": "3.10.2", "versionStartIncluding": "3.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "932E6B00-78B5-4A0E-B87E-4993D6491C34", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-:*:*:*:*:*:*", "matchCriteriaId": "608240CD-CD6C-42A3-9590-7F37B35EDC53", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "2A1AA925-3BF0-4D8B-BB39-E6DBBAD2CF8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.9.1:-:*:*:*:*:*:*", "matchCriteriaId": "EA458C15-66E7-4976-8805-A10608BF7C9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFEE5D43-E3D7-463E-A20D-F812E6B3E770", "versionEndExcluding": "5.0.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "80D67146-B941-4FFA-894C-8032E94E0285", "versionEndExcluding": "5.1.4.2", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A644AE0B-420A-4673-B8E5-D41A5FDB2852", "versionEndExcluding": "6.0.2.1", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "93E92BB5-14F3-4B5A-B546-7101E1B77AAC", "versionEndExcluding": "6.1.1.1", "versionStartIncluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."}], "id": "CVE-2023-20131", "lastModified": "2024-11-21T07:40:37.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-05T18:15:07.853", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-27"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}