CNNVD-202508-2495 Information
CNNVD ID
CNNVD-202508-2495
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
Cisco Evolved Programmable Network Manager和Cisco Prime Infrastructure都是美国思科(Cisco)公司的产品。Cisco Evolved Programmable Network Manager是一套网络管理解决方案。Cisco Prime Infrastructure是一个应用软件。用于简化无线和有线网络的管理。 Cisco Evolved Programmable Network Manager和Cisco Prime Infrastructure存在安全漏洞,该漏洞源于特定HTTP请求输入验证不足,可能导致低权限用户检索任意文件。
Description (English)
Cisco Evolved Programable Network Manager and Cisco Prime Infrastrucure are all Cisco products. Cisco Evolved Programme Network Manager is a web-based management solution. Cisco Prime Infrastructure is an application. To simplify the management of wireless and cable networks. Cisco Evolved Programable Network Manager and Cisco Prime Infrastructure have a security loophole, which stems from a specific HTTP request for insufficient input validation, which may lead to the search of any files by low-authorized users.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Citadel
Published
2025-08-20
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-TET4GxBX https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820 https://nvd.nist.gov/vuln/detail/CVE-2025-20269
Patch
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
Share on: