Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access.
This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised.
AnalysisAI
Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.
Technical ContextAI
This vulnerability stems from CWE-862 (Missing Authorization), where Cisco EPNM fails to enforce proper access controls on a REST API endpoint within its web-based management interface. The affected product is Cisco Evolved Programmable Network Manager (CPE: cpe:2.3:a:cisco:cisco_evolved_programmable_network_manager_(epnm)), a network management platform used for configuring and monitoring Cisco devices. REST APIs should implement role-based access control (RBAC) checks to validate that authenticated users possess appropriate permissions before exposing sensitive resources. In this case, the API endpoint permits low-privileged authenticated users to query session management data without verifying authorization levels. Session information typically includes authentication tokens, session IDs, usernames, and privilege levels-data that should be restricted to administrative users or the session owner. The CVSS vector's Confidentiality:High and Integrity:High ratings reflect that exposed session tokens enable attackers to impersonate legitimate users, including administrators, potentially leading to complete management platform compromise.
RemediationAI
Organizations should immediately consult the official Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3 for specific patch versions and remediation guidance, as the provided data does not include confirmed fix version numbers. Until patches are applied, implement compensating controls including restricting EPNM web interface access to trusted management networks only, enforcing strong authentication mechanisms (multi-factor authentication where supported), applying principle of least privilege by auditing and minimizing low-privilege user accounts, monitoring API access logs for unusual session enumeration patterns, and implementing network segmentation to isolate EPNM management traffic. Review active user sessions regularly and revoke suspicious sessions immediately. If API access is not required for low-privilege users, consider implementing firewall rules or access control lists blocking REST API endpoints for non-administrative roles. Given the session hijacking risk, rotate administrative credentials and invalidate existing sessions after applying patches.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17955
GHSA-g5c4-x88j-p4hw