CVE-2026-20155

Summary

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access.

This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Evolved Programmable Network Manager (EPNM)7.1.1affected
CiscoCisco Evolved Programmable Network Manager (EPNM)7.1.2.1affected
CiscoCisco Evolved Programmable Network Manager (EPNM)7.1.3affected
CiscoCisco Evolved Programmable Network Manager (EPNM)7.1.2affected
CiscoCisco Evolved Programmable Network Manager (EPNM)7.1.0affected
CiscoCisco Evolved Programmable Network Manager (EPNM)8.0.0affected
CiscoCisco Evolved Programmable Network Manager (EPNM)8.0.0.1affected
CiscoCisco Evolved Programmable Network Manager (EPNM)7.1.3.1affected
CiscoCisco Evolved Programmable Network Manager (EPNM)7.1.4affected
CiscoCisco Evolved Programmable Network Manager (EPNM)8.1.0affected
CiscoCisco Evolved Programmable Network Manager (EPNM)8.1.1affected
CiscoCisco Evolved Programmable Network Manager (EPNM)8.0.1affected
CiscoCisco Evolved Programmable Network Manager (EPNM)7.1.4.1affected
CiscoCisco Evolved Programmable Network Manager (EPNM)8.0.1.1affected

Weaknesses

  • CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References