CVE-2023-20201

Summary

CVE-2023-20201 refers to multiple vulnerabilities discovered in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). These issues arise from insufficient user input validation, potentially enabling a remote, authenticated attacker to execute stored cross-site scripting (XSS) attacks against interface users. The attacker would need valid credentials to access the web interface of an affected device and could exploit the vulnerability by persuading a user to view a page containing malicious HTML or script content. Successful exploitation may result in the execution of arbitrary script code within the interface or unauthorized access to sensitive browser-based information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.