Cisco EPNM XSS in Web Interface
CVE-2024-20514 Published on November 6, 2024
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.
Vulnerability Analysis
CVE-2024-20514 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2024-20514 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2024-20514
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-20514 are published in these products:
Affected Versions
Cisco Evolved Programmable Network Manager (EPNM):- Version 3.0.1 is affected.
- Version 3.1.2 is affected.
- Version 1.2 is affected.
- Version 3.1.1 is affected.
- Version 3.1.3 is affected.
- Version 3.1 is affected.
- Version 3.0.3 is affected.
- Version 3.0.2 is affected.
- Version 3.0 is affected.
- Version 2.2 is affected.
- Version 1.1 is affected.
- Version 2.1 is affected.
- Version 2.0 is affected.
- Version 4.1 is affected.
- Version 4.1.1 is affected.
- Version 4.0.3 is affected.
- Version 4.0.1 is affected.
- Version 4.0.2 is affected.
- Version 4.0 is affected.
- Version 5.0 is affected.
- Version 5.0.1 is affected.
- Version 5.1.1 is affected.
- Version 5.1 is affected.
- Version 5.0.2 is affected.
- Version 5.1.2 is affected.
- Version 5.1.3 is affected.
- Version 5.1.4 is affected.
- Version 6.1.1 is affected.
- Version 6.1 is affected.
- Version 6.0.0 is affected.
- Version 6.0.1 is affected.
- Version 6.0.2 is affected.
- Version 7.0.0 is affected.
- Version 1.2.5 is affected.
- Version 1.2.6 is affected.
- Version 2.0.1 is affected.
- Version 1.2.2 is affected.
- Version 1.2.3 is affected.
- Version 1.2.4 is affected.
- Version 1.2.7 is affected.
- Version 1.2.1.2 is affected.
- Version 2.2.1 is affected.
- Version 2.1.3 is affected.
- Version 2.0.2 is affected.
- Version 2.0.3 is affected.
- Version 2.1.2 is affected.
- Version 2.0.4 is affected.
- Version 2.1.1 is affected.
- Version 5.0.2.5 is affected.
- Version 5.1.4.3 is affected.
- Version 6.0.2.1 is affected.
- Version 6.1.1.1 is affected.
- Version 5.0.2.1 is affected.
- Version 5.0.2.2 is affected.
- Version 5.0.2.3 is affected.
- Version 5.0.2.4 is affected.
- Version 5.1.4.1 is affected.
- Version 5.1.4.2 is affected.
- Version 2.1.4 is affected.
- Version 2.2.4 is affected.
- Version 2.2.3 is affected.
- Version 2.2.5 is affected.
- Version 5.1.3.2 is affected.
- Version 5.1.3.1 is affected.
- Version 6.0.1.1 is affected.
- Version 4.1.1.2 is affected.
- Version 4.1.1.1 is affected.
- Version 4.0.3.1 is affected.
- Version 2.0.1.1 is affected.
- Version 2.1.1.3 is affected.
- Version 2.1.1.1 is affected.
- Version 2.1.1.4 is affected.
- Version 2.0.4.2 is affected.
- Version 2.0.4.1 is affected.
- Version 2.1.2.2 is affected.
- Version 2.1.2.3 is affected.
- Version 2.0.2.1 is affected.
- Version 2.1.3.4 is affected.
- Version 2.1.3.3 is affected.
- Version 2.1.3.2 is affected.
- Version 2.1.3.5 is affected.
- Version 2.2.1.2 is affected.
- Version 2.2.1.1 is affected.
- Version 2.2.1.4 is affected.
- Version 2.2.1.3 is affected.
- Version 1.2.4.2 is affected.
- Version 1.2.2.4 is affected.
- Version 6.0.3 is affected.
- Version 5.1.4.4 is affected.
- Version 5.0.2.6 is affected.
- Version 6.0.3.1 is affected.
- Version 6.1.2 is affected.
- Version 6.1.1.2.2 is affected.
- Version 6.1.2.1 is affected.
- Version 6.1.2.2 is affected.
- Version 7.1.1 is affected.
- Version 7.1.2.1 is affected.
- Version 7.0.1.3 is affected.
- Version 7.1.3 is affected.
- Version 7.1.2 is affected.
- Version 7.0.1.2 is affected.
- Version 7.0.1.1 is affected.
- Version 7.0.1 is affected.
- Version 7.1.0 is affected.
- Version 3.0.0 is affected.
- Version 3.1.0 is affected.
- Version 3.1.5 is affected.
- Version 2.1 is affected.
- Version 2.0.0 is affected.
- Version 3.6.0 is affected.
- Version 3.7.0 is affected.
- Version 3.4.0 is affected.
- Version 3.3.0 is affected.
- Version 3.2 is affected.
- Version 3.5.0 is affected.
- Version 3.2.0-FIPS is affected.
- Version 2.2 is affected.
- Version 3.8.0-FED is affected.
- Version 3.9.0 is affected.
- Version 3.8.0 is affected.
- Version 3.10.0 is affected.
- Version 3.1.1 is affected.
- Version 2.1.2 is affected.
- Version 2.2.1 is affected.
- Version 2.2.0 is affected.
- Version 3.0.2 is affected.
- Version 3.0.3 is affected.
- Version 3.0.1 is affected.
- Version 2.2.2 is affected.
- Version 2.2.3 is affected.
- Version 2.1.0 is affected.
- Version 2.1.1 is affected.
- Version 3.9.1 is affected.
- Version 2.0.10 is affected.
- Version 3.8.1 is affected.
- Version 3.7.1 is affected.
- Version 3.5.1 is affected.
- Version 3.4.2 is affected.
- Version 3.3.1 is affected.
- Version 3.1.7 is affected.
- Version 3.2.1 is affected.
- Version 3.2.2 is affected.
- Version 3.1.6 is affected.
- Version 3.1.2 is affected.
- Version 3.4.1 is affected.
- Version 3.1.3 is affected.
- Version 3.1.4 is affected.
- Version 3.0.6 is affected.
- Version 2.2.10 is affected.
- Version 3.0.4 is affected.
- Version 3.0.5 is affected.
- Version 2.1.56 is affected.
- Version 2.2.4 is affected.
- Version 2.2.9 is affected.
- Version 2.2.8 is affected.
- Version 2.2.5 is affected.
- Version 2.2.7 is affected.
- Version 2.0.39 is affected.
- Version 3.8_DP1 is affected.
- Version 3.9_DP1 is affected.
- Version 3.7_DP2 is affected.
- Version 3.6_DP1 is affected.
- Version 3.5_DP4 is affected.
- Version 3.5_DP2 is affected.
- Version 3.4_DP10 is affected.
- Version 3.7_DP1 is affected.
- Version 3.5_DP3 is affected.
- Version 3.4_DP11 is affected.
- Version 3.5_DP1 is affected.
- Version 3.4_DP8 is affected.
- Version 3.4_DP1 is affected.
- Version 3.4_DP3 is affected.
- Version 3.4_DP5 is affected.
- Version 3.4_DP2 is affected.
- Version 3.4_DP7 is affected.
- Version 3.4_DP6 is affected.
- Version 3.3_DP4 is affected.
- Version 3.4_DP4 is affected.
- Version 3.4_DP9 is affected.
- Version 3.1_DP16 is affected.
- Version 3.3_DP2 is affected.
- Version 3.3_DP3 is affected.
- Version 3.1_DP15 is affected.
- Version 3.3_DP1 is affected.
- Version 3.1_DP13 is affected.
- Version 3.2_DP2 is affected.
- Version 3.2_DP1 is affected.
- Version 3.2_DP3 is affected.
- Version 3.1_DP14 is affected.
- Version 3.2_DP4 is affected.
- Version 3.1_DP7 is affected.
- Version 3.1_DP10 is affected.
- Version 3.1_DP11 is affected.
- Version 3.1_DP4 is affected.
- Version 3.1_DP6 is affected.
- Version 3.1_DP12 is affected.
- Version 3.1_DP5 is affected.
- Version 3.0.7 is affected.
- Version 3.1_DP9 is affected.
- Version 3.1_DP8 is affected.
- Version 3.10_DP1 is affected.
- Version 3.10.2 is affected.
- Version 3.10.3 is affected.
- Version 3.10 is affected.
- Version 3.10.1 is affected.
- Version 3.7.1 Update 03 is affected.
- Version 3.7.1 Update 04 is affected.
- Version 3.7.1 Update 06 is affected.
- Version 3.7.1 Update 07 is affected.
- Version 3.8.1 Update 01 is affected.
- Version 3.8.1 Update 02 is affected.
- Version 3.8.1 Update 03 is affected.
- Version 3.8.1 Update 04 is affected.
- Version 3.9.1 Update 01 is affected.
- Version 3.9.1 Update 02 is affected.
- Version 3.9.1 Update 03 is affected.
- Version 3.9.1 Update 04 is affected.
- Version 3.10 Update 01 is affected.
- Version 3.4.2 Update 01 is affected.
- Version 3.6.0 Update 04 is affected.
- Version 3.6.0 Update 02 is affected.
- Version 3.6.0 Update 03 is affected.
- Version 3.6.0 Update 01 is affected.
- Version 3.5.1 Update 03 is affected.
- Version 3.5.1 Update 01 is affected.
- Version 3.5.1 Update 02 is affected.
- Version 3.7.0 Update 03 is affected.
- Version 2.2.3 Update 05 is affected.
- Version 2.2.3 Update 04 is affected.
- Version 2.2.3 Update 06 is affected.
- Version 2.2.3 Update 03 is affected.
- Version 2.2.3 Update 02 is affected.
- Version 2.2.1 Update 01 is affected.
- Version 2.2.2 Update 03 is affected.
- Version 2.2.2 Update 04 is affected.
- Version 3.8.0 Update 01 is affected.
- Version 3.8.0 Update 02 is affected.
- Version 3.7.1 Update 01 is affected.
- Version 3.7.1 Update 02 is affected.
- Version 3.7.1 Update 05 is affected.
- Version 3.9.0 Update 01 is affected.
- Version 3.3.0 Update 01 is affected.
- Version 3.4.1 Update 02 is affected.
- Version 3.4.1 Update 01 is affected.
- Version 3.5.0 Update 03 is affected.
- Version 3.5.0 Update 01 is affected.
- Version 3.5.0 Update 02 is affected.
- Version 3.10.4 is affected.
- Version 3.10.4 Update 01 is affected.
- Version 3.10.4 Update 02 is affected.
- Version 3.10.4 Update 03 is affected.
- Version 3.10.5 is affected.
Exploit Probability
EPSS
0.22%
Percentile
44.02%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.