Cisco’s Double Trouble: Vulnerabilities Unleashed in EPNM & Prime Infrastructure!

Prepare your web defenses! Two sneaky vulnerabilities are lurking in Cisco EPNM and Cisco Prime Infrastructure, ready to unleash stored XSS attacks. One only requires an unauthenticated remote attacker, while the other demands admin credentials. Cisco’s updates are here to save the day, but no quick fixes otherwise. Keep that software updated!

1P
Published: April 2, 2025 4:01 pmAdded: April 2, 2025 at 9:38 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Apparently, in the world of Cisco vulnerabilities, sharing is caring! Both vulnerabilities offer a buffet of opportunities for attackers to feast on unsuspecting users, with no need to choose just one. So, grab your popcorn and watch as XSS attacks make a grand entrance on the Cisco stage!

Key Points:

  • Two separate vulnerabilities in Cisco’s web-based management interface.
  • Both vulnerabilities allow for stored XSS attacks.
  • First vulnerability (CVE-2025-20120) requires no authentication.
  • Second vulnerability (CVE-2025-20203) requires valid admin credentials.
  • Cisco has released updates, but there are no workarounds.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?