Skip to main content

Cisco Prime Infrastructure CVE-2026-20189

| EUVDEUVD-2026-27861 MEDIUM
Missing Authorization (CWE-862)
2026-05-06 cisco GHSA-xj8g-6jm5-p9wv
4.3
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 17:34 vuln.today

DescriptionCVE.org

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server.

This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.

AnalysisAI

Cisco Prime Infrastructure log file download functionality fails to enforce proper authorization checks, allowing authenticated remote attackers to download arbitrary log files beyond their access level. An attacker with valid web management interface credentials can submit crafted URL requests to the affected download service API to retrieve sensitive logs, resulting in confidential information disclosure. CVSS score of 4.3 reflects low immediate impact but legitimate data exposure risk for organizations using this management platform.

Technical ContextAI

Cisco Prime Infrastructure is a centralized network management platform that aggregates operational and diagnostic data from network devices. The vulnerability resides in the log file download service API, which is accessed via the web-based management interface over HTTP/HTTPS. The root cause is classified as CWE-862 (Missing Authorization), indicating that the API endpoint performs insufficient authorization verification before serving requested log files. While the API requires valid credentials for initial access (AV:N, PR:L), it does not validate whether the authenticated user has permission to access specific log files, creating an authorization bypass condition. This allows privilege escalation within the application - a lower-privileged user can access logs intended for administrators only.

RemediationAI

Apply the security patch released by Cisco for Prime Infrastructure as detailed in advisory cisco-sa-pi-unauth-infodiscl-LFnLgmey (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey). The exact patched version is not specified in the provided data; consult the advisory to identify the minimum required version for your deployment track. As a compensating control pending patch deployment, restrict network access to the Prime Infrastructure web management interface using firewall rules or VPN requirements - limit access to trusted administrative networks only, reducing credential compromise risk. Additionally, enforce strong password policies and implement multi-factor authentication for web console access if supported; this mitigates the credential requirement (PR:L) that enables exploitation. Monitor log file access via web console and alert on unusual patterns of log downloads by non-administrative users. Note that these controls reduce attack surface but do not fully remediate the underlying authorization flaw.

Share

CVE-2026-20189 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy