Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server.
This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.
AnalysisAI
Cisco Prime Infrastructure log file download functionality fails to enforce proper authorization checks, allowing authenticated remote attackers to download arbitrary log files beyond their access level. An attacker with valid web management interface credentials can submit crafted URL requests to the affected download service API to retrieve sensitive logs, resulting in confidential information disclosure. CVSS score of 4.3 reflects low immediate impact but legitimate data exposure risk for organizations using this management platform.
Technical ContextAI
Cisco Prime Infrastructure is a centralized network management platform that aggregates operational and diagnostic data from network devices. The vulnerability resides in the log file download service API, which is accessed via the web-based management interface over HTTP/HTTPS. The root cause is classified as CWE-862 (Missing Authorization), indicating that the API endpoint performs insufficient authorization verification before serving requested log files. While the API requires valid credentials for initial access (AV:N, PR:L), it does not validate whether the authenticated user has permission to access specific log files, creating an authorization bypass condition. This allows privilege escalation within the application - a lower-privileged user can access logs intended for administrators only.
RemediationAI
Apply the security patch released by Cisco for Prime Infrastructure as detailed in advisory cisco-sa-pi-unauth-infodiscl-LFnLgmey (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey). The exact patched version is not specified in the provided data; consult the advisory to identify the minimum required version for your deployment track. As a compensating control pending patch deployment, restrict network access to the Prime Infrastructure web management interface using firewall rules or VPN requirements - limit access to trusted administrative networks only, reducing credential compromise risk. Additionally, enforce strong password policies and implement multi-factor authentication for web console access if supported; this mitigates the credential requirement (PR:L) that enables exploitation. Monitor log file access via web console and alert on unusual patterns of log downloads by non-administrative users. Note that these controls reduce attack surface but do not fully remediate the underlying authorization flaw.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27861
GHSA-xj8g-6jm5-p9wv