CVE-2022-20657

MEDIUM EPSS 38.8%
Published Nov 15, 20241y ago · Modified Jun 17, 20261w ago
6.1 CVSS 3.1
Medium
Find Similar
Published Nov 15, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

CVSS Details

Base Score
6.1
Exploitability
2.8
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
38.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 40

VendorProductVersionRange
ciscoprime_infrastructure2.0.0any
ciscoprime_infrastructure2.1any
ciscoprime_infrastructure2.2any
ciscoprime_infrastructure3.0.0any
ciscoprime_infrastructure3.1.0any
ciscoprime_infrastructure3.1.5any
ciscoprime_infrastructure3.2any
ciscoprime_infrastructure3.2.0-fipsany
ciscoprime_infrastructure3.3.0any
ciscoprime_infrastructure3.4.0any
ciscoprime_infrastructure3.5.0any
ciscoprime_infrastructure3.6.0any
ciscoprime_infrastructure3.7.0any
ciscoprime_infrastructure3.8.0any
ciscoprime_infrastructure3.9.0any
ciscoevolved_programmable_network_manager1.1any
ciscoevolved_programmable_network_manager1.2any
ciscoevolved_programmable_network_manager2.0any
ciscoevolved_programmable_network_manager2.1any
ciscoevolved_programmable_network_manager2.2any
ciscoevolved_programmable_network_manager3.0any
ciscoevolved_programmable_network_manager3.0.1any
ciscoevolved_programmable_network_manager3.0.2any
ciscoevolved_programmable_network_manager3.0.3any
ciscoevolved_programmable_network_manager3.1any
ciscoevolved_programmable_network_manager3.1.1any
ciscoevolved_programmable_network_manager3.1.2any
ciscoevolved_programmable_network_manager3.1.3any
ciscoevolved_programmable_network_manager4.0any
ciscoevolved_programmable_network_manager4.0.1any
ciscoevolved_programmable_network_manager4.0.2any
ciscoevolved_programmable_network_manager4.0.3any
ciscoevolved_programmable_network_manager4.1any
ciscoevolved_programmable_network_manager4.1.1any
ciscoevolved_programmable_network_manager5.0any
ciscoevolved_programmable_network_manager5.0.1any
ciscoevolved_programmable_network_manager5.0.2any
ciscoevolved_programmable_network_manager5.1any
ciscoevolved_programmable_network_manager5.1.1any
ciscoevolved_programmable_network_manager5.1.2any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.