Cisco Evolved Programmable Network Manager Epnm
Monthly
Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.
Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.