Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb

Security Impact Rating: Medium
CVE: CVE-2025-20272