Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability_CVE-2026-20155

8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access.

This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised.

Basic Information

ID CVE-2026-20155

Source cisco

Published Apr 1, 2026 at 16:29

Modified Apr 1, 2026 at 18:19

Affected Product

Vendor Cisco

Product Cisco Evolved Programmable Network Manager (EPNM)

Version 7.1.1

Affected Versions Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.2.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.3
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.2
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.0
Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.0
Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.0.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.3.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.4
Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.1.0
Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.1.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.4.1
Cisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.1.1

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3

{
    "lastseen": "",
    "description": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access.\r\n\r\nThis vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised.",
    "published": "2026-04-01T16:29:12.891Z",
    "modified": "2026-04-01T18:19:17.434Z",
    "type": "cve",
    "title": "Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3",
    "id": "CVE-2026-20155",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.1\nCisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.2.1\nCisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.3\nCisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.2\nCisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.0\nCisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.0\nCisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.0.1\nCisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.3.1\nCisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.4\nCisco Cisco Evolved Programmable Network Manager (EPNM) 8.1.0\nCisco Cisco Evolved Programmable Network Manager (EPNM) 8.1.1\nCisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.1\nCisco Cisco Evolved Programmable Network Manager (EPNM) 7.1.4.1\nCisco Cisco Evolved Programmable Network Manager (EPNM) 8.0.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Evolved Programmable Network Manager (EPNM)",
    "version": "7.1.1",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply