—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Open Redirect Vulnerability in CISCO 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Systems Affected

Cisco EPNM and Cisco Prime Infrastructure

Overview

A vulnerability has been reported in web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user.

Successful exploitation of this vulnerability could allow the attacker to redirect the user to a malicious web page.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN

CVE Name

CVE-2026-20123

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmG8tUACgkQ3jCgcSdc

ys8mbQ/+NLLpcE5i4l69i9eqHOq/6u4iTcEWFuA1NjuBQmwtKODs7mdKQhb27en0

yAmWPw907Q8za1m+pMDSpEyLR3E4X8Tg1V3q17/XI2FKcKrC9TPB79Hr5cJ6CQg/

NXqyzw2t4fygN4J2MaLRgpSZp4g+XfLW+iqTQZpqj8AnvRCYGdk5R0XiJG7kGBJL

IoCLbvni43WyGH17td4ZulB0asNOa7zH8BR9688SR5eAhR7feYzvfBdkOs6CHqhT

ksP1cC042k+Pi0cYA0BPlqL2oAhMkI4GO9CsMSiJLpqIAk7c0ApveHnIo/EHhb5K

am4T1aSC/0+vq2nrwZhjyBrNhkvux6U8nbcVLh8pfZepE/i0W9xbtM+vhtzfe4tg

/sYYgxLK6n33kUgRvSCm8VIlxYkGfGMYfkCzPGq6+KdADr1Q/94F7U+qeU/ify1u

h/uby23ds21lSZruMgLVqfemk5j5Vt1HJr1f04hubmLutRXrA3zUKrboAdiD3TnY

MMsCtMLuc+ZwwQHqoB2W4AljQmLayBOfeedjMVA2jqcEBLB35xMedsTgwOrjvlkj

wvT1fIC7FmlMH16HOnNgUunZQPbD6Nz05ZcRqHUmKMEInuCP4dCdWdvDHncVt1rq

VZLecJYJghbZFSni8x2YkjQlbzp6WAwHCbYp2Pi1c0fubXooPos=

=Fqvb

—–END PGP SIGNATURE—–