Cisco Prime Infrastructure Information Disclosure Vulnerability_CVE-2026-20189

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server.

This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access.
To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.

Basic Information

ID CVE-2026-20189

Source cisco

Published May 6, 2026 at 16:15

Affected Product

Vendor Cisco

Product Cisco Prime Infrastructure

Version 3.6.0

Affected Versions Cisco Cisco Prime Infrastructure 3.6.0
Cisco Cisco Prime Infrastructure 3.7.0
Cisco Cisco Prime Infrastructure 3.4.0
Cisco Cisco Prime Infrastructure 3.3.0
Cisco Cisco Prime Infrastructure 3.5.0
Cisco Cisco Prime Infrastructure 3.2.0-FIPS
Cisco Cisco Prime Infrastructure 3.8.0-FED
Cisco Cisco Prime Infrastructure 3.9.0
Cisco Cisco Prime Infrastructure 3.8.0
Cisco Cisco Prime Infrastructure 3.10.0
Cisco Cisco Prime Infrastructure 3.9.1
Cisco Cisco Prime Infrastructure 3.8.1
Cisco Cisco Prime Infrastructure 3.7.1
Cisco Cisco Prime Infrastructure 3.5.1
Cisco Cisco Prime Infrastructure 3.4.2
Cisco Cisco Prime Infrastructure 3.3.1
Cisco Cisco Prime Infrastructure 3.2.1
Cisco Cisco Prime Infrastructure 3.2.2
Cisco Cisco Prime Infrastructure 3.4.1
Cisco Cisco Prime Infrastructure 3.10.2
Cisco Cisco Prime Infrastructure 3.10.3
Cisco Cisco Prime Infrastructure 3.10
Cisco Cisco Prime Infrastructure 3.10.1
Cisco Cisco Prime Infrastructure 3.7.1 Update 03
Cisco Cisco Prime Infrastructure 3.7.1 Update 04
Cisco Cisco Prime Infrastructure 3.7.1 Update 06
Cisco Cisco Prime Infrastructure 3.7.1 Update 07
Cisco Cisco Prime Infrastructure 3.8.1 Update 01
Cisco Cisco Prime Infrastructure 3.8.1 Update 02
Cisco Cisco Prime Infrastructure 3.8.1 Update 03
Cisco Cisco Prime Infrastructure 3.8.1 Update 04
Cisco Cisco Prime Infrastructure 3.9.1 Update 01
Cisco Cisco Prime Infrastructure 3.9.1 Update 02
Cisco Cisco Prime Infrastructure 3.9.1 Update 03
Cisco Cisco Prime Infrastructure 3.9.1 Update 04
Cisco Cisco Prime Infrastructure 3.10 Update 01
Cisco Cisco Prime Infrastructure 3.4.2 Update 01
Cisco Cisco Prime Infrastructure 3.6.0 Update 04
Cisco Cisco Prime Infrastructure 3.6.0 Update 02
Cisco Cisco Prime Infrastructure 3.6.0 Update 03
Cisco Cisco Prime Infrastructure 3.6.0 Update 01
Cisco Cisco Prime Infrastructure 3.5.1 Update 03
Cisco Cisco Prime Infrastructure 3.5.1 Update 01
Cisco Cisco Prime Infrastructure 3.5.1 Update 02
Cisco Cisco Prime Infrastructure 3.7.0 Update 03
Cisco Cisco Prime Infrastructure 3.8.0 Update 01
Cisco Cisco Prime Infrastructure 3.8.0 Update 02
Cisco Cisco Prime Infrastructure 3.7.1 Update 01
Cisco Cisco Prime Infrastructure 3.7.1 Update 02
Cisco Cisco Prime Infrastructure 3.7.1 Update 05
Cisco Cisco Prime Infrastructure 3.9.0 Update 01
Cisco Cisco Prime Infrastructure 3.3.0 Update 01
Cisco Cisco Prime Infrastructure 3.4.1 Update 02
Cisco Cisco Prime Infrastructure 3.4.1 Update 01
Cisco Cisco Prime Infrastructure 3.5.0 Update 03
Cisco Cisco Prime Infrastructure 3.5.0 Update 01
Cisco Cisco Prime Infrastructure 3.5.0 Update 02
Cisco Cisco Prime Infrastructure 3.10.4
Cisco Cisco Prime Infrastructure 3.10.4 Update 01
Cisco Cisco Prime Infrastructure 3.10.4 Update 02
Cisco Cisco Prime Infrastructure 3.10.4 Update 03
Cisco Cisco Prime Infrastructure 3.10.5
Cisco Cisco Prime Infrastructure 3.10.6
Cisco Cisco Prime Infrastructure 3.10.6 Update 01
Cisco Cisco Prime Infrastructure 3.10.6 Update 02

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey

{
    "lastseen": "",
    "description": "A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server.\r\n\r\nThis vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access.\r\nTo exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.",
    "published": "2026-05-06T16:15:24.551Z",
    "modified": "2026-05-06T16:15:24.551Z",
    "type": "cve",
    "title": "Cisco Prime Infrastructure Information Disclosure Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey",
    "id": "CVE-2026-20189",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Prime Infrastructure 3.6.0\nCisco Cisco Prime Infrastructure 3.7.0\nCisco Cisco Prime Infrastructure 3.4.0\nCisco Cisco Prime Infrastructure 3.3.0\nCisco Cisco Prime Infrastructure 3.5.0\nCisco Cisco Prime Infrastructure 3.2.0-FIPS\nCisco Cisco Prime Infrastructure 3.8.0-FED\nCisco Cisco Prime Infrastructure 3.9.0\nCisco Cisco Prime Infrastructure 3.8.0\nCisco Cisco Prime Infrastructure 3.10.0\nCisco Cisco Prime Infrastructure 3.9.1\nCisco Cisco Prime Infrastructure 3.8.1\nCisco Cisco Prime Infrastructure 3.7.1\nCisco Cisco Prime Infrastructure 3.5.1\nCisco Cisco Prime Infrastructure 3.4.2\nCisco Cisco Prime Infrastructure 3.3.1\nCisco Cisco Prime Infrastructure 3.2.1\nCisco Cisco Prime Infrastructure 3.2.2\nCisco Cisco Prime Infrastructure 3.4.1\nCisco Cisco Prime Infrastructure 3.10.2\nCisco Cisco Prime Infrastructure 3.10.3\nCisco Cisco Prime Infrastructure 3.10\nCisco Cisco Prime Infrastructure 3.10.1\nCisco Cisco Prime Infrastructure 3.7.1 Update 03\nCisco Cisco Prime Infrastructure 3.7.1 Update 04\nCisco Cisco Prime Infrastructure 3.7.1 Update 06\nCisco Cisco Prime Infrastructure 3.7.1 Update 07\nCisco Cisco Prime Infrastructure 3.8.1 Update 01\nCisco Cisco Prime Infrastructure 3.8.1 Update 02\nCisco Cisco Prime Infrastructure 3.8.1 Update 03\nCisco Cisco Prime Infrastructure 3.8.1 Update 04\nCisco Cisco Prime Infrastructure 3.9.1 Update 01\nCisco Cisco Prime Infrastructure 3.9.1 Update 02\nCisco Cisco Prime Infrastructure 3.9.1 Update 03\nCisco Cisco Prime Infrastructure 3.9.1 Update 04\nCisco Cisco Prime Infrastructure 3.10 Update 01\nCisco Cisco Prime Infrastructure 3.4.2 Update 01\nCisco Cisco Prime Infrastructure 3.6.0 Update 04\nCisco Cisco Prime Infrastructure 3.6.0 Update 02\nCisco Cisco Prime Infrastructure 3.6.0 Update 03\nCisco Cisco Prime Infrastructure 3.6.0 Update 01\nCisco Cisco Prime Infrastructure 3.5.1 Update 03\nCisco Cisco Prime Infrastructure 3.5.1 Update 01\nCisco Cisco Prime Infrastructure 3.5.1 Update 02\nCisco Cisco Prime Infrastructure 3.7.0 Update 03\nCisco Cisco Prime Infrastructure 3.8.0 Update 01\nCisco Cisco Prime Infrastructure 3.8.0 Update 02\nCisco Cisco Prime Infrastructure 3.7.1 Update 01\nCisco Cisco Prime Infrastructure 3.7.1 Update 02\nCisco Cisco Prime Infrastructure 3.7.1 Update 05\nCisco Cisco Prime Infrastructure 3.9.0 Update 01\nCisco Cisco Prime Infrastructure 3.3.0 Update 01\nCisco Cisco Prime Infrastructure 3.4.1 Update 02\nCisco Cisco Prime Infrastructure 3.4.1 Update 01\nCisco Cisco Prime Infrastructure 3.5.0 Update 03\nCisco Cisco Prime Infrastructure 3.5.0 Update 01\nCisco Cisco Prime Infrastructure 3.5.0 Update 02\nCisco Cisco Prime Infrastructure 3.10.4\nCisco Cisco Prime Infrastructure 3.10.4 Update 01\nCisco Cisco Prime Infrastructure 3.10.4 Update 02\nCisco Cisco Prime Infrastructure 3.10.4 Update 03\nCisco Cisco Prime Infrastructure 3.10.5\nCisco Cisco Prime Infrastructure 3.10.6\nCisco Cisco Prime Infrastructure 3.10.6 Update 01\nCisco Cisco Prime Infrastructure 3.10.6 Update 02",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Prime Infrastructure",
    "version": "3.6.0",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply