Vulnerability Details CVE-2022-20657
A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.4%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2022-20657
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:1.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:2.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:2.2
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0.2
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0.3
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1.2
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1.3
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0.2
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0.3
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0.2
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1.1
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1.2
-
cpe:2.3:a:cisco:prime_infrastructure:2.0.0
-
cpe:2.3:a:cisco:prime_infrastructure:2.1
-
cpe:2.3:a:cisco:prime_infrastructure:2.2
-
cpe:2.3:a:cisco:prime_infrastructure:3.0.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.1.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.1.5
-
cpe:2.3:a:cisco:prime_infrastructure:3.2
-
cpe:2.3:a:cisco:prime_infrastructure:3.2.0-fips
-
cpe:2.3:a:cisco:prime_infrastructure:3.3.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.4.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.5.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.6.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.7.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.8.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.9.0