Skip to main content

Cisco Evolved Programmable Network Manager Epnm EUVDEUVD-2026-17955

| CVE-2026-20155 HIGH
Missing Authorization (CWE-862)
2026-04-01 cisco GHSA-g5c4-x88j-p4hw
8.0
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
8.0 HIGH
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 17:30 euvd
EUVD-2026-17955
Analysis Generated
Apr 01, 2026 - 17:30 vuln.today
CVE Published
Apr 01, 2026 - 16:29 nvd
HIGH 8.0

DescriptionCVE.org

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access.

This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised.

AnalysisAI

Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.

Technical ContextAI

This vulnerability stems from CWE-862 (Missing Authorization), where Cisco EPNM fails to enforce proper access controls on a REST API endpoint within its web-based management interface. The affected product is Cisco Evolved Programmable Network Manager (CPE: cpe:2.3:a:cisco:cisco_evolved_programmable_network_manager_(epnm)), a network management platform used for configuring and monitoring Cisco devices. REST APIs should implement role-based access control (RBAC) checks to validate that authenticated users possess appropriate permissions before exposing sensitive resources. In this case, the API endpoint permits low-privileged authenticated users to query session management data without verifying authorization levels. Session information typically includes authentication tokens, session IDs, usernames, and privilege levels-data that should be restricted to administrative users or the session owner. The CVSS vector's Confidentiality:High and Integrity:High ratings reflect that exposed session tokens enable attackers to impersonate legitimate users, including administrators, potentially leading to complete management platform compromise.

RemediationAI

Organizations should immediately consult the official Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3 for specific patch versions and remediation guidance, as the provided data does not include confirmed fix version numbers. Until patches are applied, implement compensating controls including restricting EPNM web interface access to trusted management networks only, enforcing strong authentication mechanisms (multi-factor authentication where supported), applying principle of least privilege by auditing and minimizing low-privilege user accounts, monitoring API access logs for unusual session enumeration patterns, and implementing network segmentation to isolate EPNM management traffic. Review active user sessions regularly and revoke suspicious sessions immediately. If API access is not required for low-privilege users, consider implementing firewall rules or access control lists blocking REST API endpoints for non-administrative roles. Given the session hijacking risk, rotate administrative credentials and invalidate existing sessions after applying patches.

Share

EUVD-2026-17955 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy