- شناسه CVE-2025-20272 :CVE
- CWE-89 :CWE
- yes :Advisory
- منتشر شده: جولای 16, 2025
- به روز شده: جولای 16, 2025
- امتیاز: 4.3
- نوع حمله: SQL Injection
- اثر گذاری: Information Disclosure
- حوزه: تجهیزات شبکه و امنیت
- برند: Cisco
- محصول: Cisco EPNM
- وضعیتPublished :CVE
- No :POC
- وضعیت آسیب پذیری: patch شده
چکیده
یک آسیبپذیری از نوع Blind SQL Injection در برخی از APIهای REST محصولات Cisco EPNM و Prime Infrastructure شناسایی شده است. این آسیب پذیری امکان دسترسی غیرمجاز به دادههای پایگاه داده را برای مهاجم مجاز فراهم میکند.
توضیحات
این آسیبپذیری در زیرمجموعهای از APIهای REST محصولات Cisco Evolved Programmable Network Manager (EPNM) و Cisco Prime Infrastructure به دلیل اعتبارسنجی ناکافی ورودیهای کاربر (CWE-89) شناسایی شده است. این آسیب پذیری امنیتی به یک مهاجم مجاز با سطح دسترسی پایین اجازه میدهد تا با ارسال درخواست دستکاریشده به API آسیبپذیر، حمله Blind SQL Injection را انجام دهد و به دادههای برخی جدول های پایگاه داده دسترسی پیدا کند. این آسیبپذیری صرفاً محرمانگی دادهها را تحت تاثیر قرار می دهد. Cisco در نسخه های مشخصی این آسیب پذیری را برطرف کرده است.
CVSS
| Score | Severity | Version | Vector String |
| 4.3 | MEDIUM | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
لیست محصولات آسیب پذیر
| Versions | Product |
| affected at 3.0.1
affected at 3.1.2 affected at 1.2 affected at 3.1.1 affected at 3.1.3 affected at 3.1 affected at 3.0.3 affected at 3.0.2 affected at 3.0 affected at 2.2 affected at 1.1 affected at 2.1 affected at 2.0 affected at 4.1 affected at 4.1.1 affected at 4.0.3 affected at 4.0.1 affected at 4.0.2 affected at 4.0 affected at 5.0 affected at 5.0.1 affected at 5.1.1 affected at 5.1 affected at 5.0.2 affected at 5.1.2 affected at 5.1.3 affected at 5.1.4 affected at 6.1.1 affected at 6.1 affected at 6.0.0 affected at 6.0.1 affected at 6.0.2 affected at 7.0.0 affected at 1.2.5 affected at 1.2.6 affected at 2.0.1 affected at 1.2.2 affected at 1.2.3 affected at 1.2.4 affected at 1.2.7 affected at 1.2.1.2 affected at 2.2.1 affected at 2.1.3 affected at 2.0.2 affected at 2.0.3 affected at 2.1.2 affected at 2.0.4 affected at 2.1.1 affected at 5.0.2.5 affected at 5.1.4.3 affected at 6.0.2.1 affected at 6.1.1.1 affected at 5.0.2.1 affected at 5.0.2.2 affected at 5.0.2.3 affected at 5.0.2.4 affected at 5.1.4.1 affected at 5.1.4.2 affected at 2.1.4 affected at 2.2.4 affected at 2.2.3 affected at 2.2.5 affected at 5.1.3.2 affected at 5.1.3.1 affected at 6.0.1.1 affected at 4.1.1.2 affected at 4.1.1.1 affected at 4.0.3.1 affected at 2.0.1.1 affected at 2.1.1.3 affected at 2.1.1.1 affected at 2.1.1.4 affected at 2.0.4.2 affected at 2.0.4.1 affected at 2.1.2.2 affected at 2.1.2.3 affected at 2.0.2.1 affected at 2.1.3.4 affected at 2.1.3.3 affected at 2.1.3.2 affected at 2.1.3.5 affected at 2.2.1.2 affected at 2.2.1.1 affected at 2.2.1.4 affected at 2.2.1.3 affected at 1.2.4.2 affected at 1.2.2.4 affected at 6.0.3 affected at 5.1.4.4 affected at 5.0.2.6 affected at 6.0.3.1 affected at 6.1.2 affected at 6.1.1.2.2 affected at 6.1.2.1 affected at 6.1.2.2 affected at 7.1.1 affected at 7.1.2.1 affected at 7.0.1.3 affected at 7.1.3 affected at 7.1.2 affected at 7.0.1.2 affected at 7.0.1.1 affected at 7.0.1 affected at 7.1.0 affected at 8.0.0 affected at 6.1.2.3 affected at 8.0.0.1 affected at 7.1.3.1 affected at 7.1.4 affected at 8.1.0 |
Cisco Evolved Programmable Network Manager (EPNM) |
| affected at 3.0.0
affected at 3.1.0 affected at 3.1.5 affected at 2.1 affected at 2.0.0 affected at 3.6.0 affected at 3.7.0 affected at 3.4.0 affected at 3.3.0 affected at 3.2 affected at 3.5.0 affected at 3.2.0-FIPS affected at 2.2 affected at 3.8.0-FED affected at 3.9.0 affected at 3.8.0 affected at 3.10.0 affected at 3.1.1 affected at 2.1.2 affected at 2.2.1 affected at 2.2.0 affected at 3.0.2 affected at 3.0.3 affected at 3.0.1 affected at 2.2.2 affected at 2.2.3 affected at 2.1.0 affected at 2.1.1 affected at 3.9.1 affected at 2.0.10 affected at 3.8.1 affected at 3.7.1 affected at 3.5.1 affected at 3.4.2 affected at 3.3.1 affected at 3.1.7 affected at 3.2.1 affected at 3.2.2 affected at 3.1.6 affected at 3.1.2 affected at 3.4.1 affected at 3.1.3 affected at 3.1.4 affected at 3.0.6 affected at 2.2.10 affected at 3.0.4 affected at 3.0.5 affected at 2.1.56 affected at 2.2.4 affected at 2.2.9 affected at 2.2.8 affected at 2.2.5 affected at 2.2.7 affected at 2.0.39 affected at 3.8_DP1 affected at 3.9_DP1 affected at 3.7_DP2 affected at 3.6_DP1 affected at 3.5_DP4 affected at 3.5_DP2 affected at 3.4_DP10 affected at 3.7_DP1 affected at 3.5_DP3 affected at 3.4_DP11 affected at 3.5_DP1 affected at 3.4_DP8 affected at 3.4_DP1 affected at 3.4_DP3 affected at 3.4_DP5 affected at 3.4_DP2 affected at 3.4_DP7 affected at 3.4_DP6 affected at 3.3_DP4 affected at 3.4_DP4 affected at 3.4_DP9 affected at 3.1_DP16 affected at 3.3_DP2 affected at 3.3_DP3 affected at 3.1_DP15 affected at 3.3_DP1 affected at 3.1_DP13 affected at 3.2_DP2 affected at 3.2_DP1 affected at 3.2_DP3 affected at 3.1_DP14 affected at 3.2_DP4 affected at 3.1_DP7 affected at 3.1_DP10 affected at 3.1_DP11 affected at 3.1_DP4 affected at 3.1_DP6 affected at 3.1_DP12 affected at 3.1_DP5 affected at 3.0.7 affected at 3.1_DP9 affected at 3.1_DP8 affected at 3.10_DP1 affected at 3.10.2 affected at 3.10.3 affected at 3.10 affected at 3.10.1 affected at 3.7.1 Update 03 affected at 3.7.1 Update 04 affected at 3.7.1 Update 06 affected at 3.7.1 Update 07 affected at 3.8.1 Update 01 affected at 3.8.1 Update 02 affected at 3.8.1 Update 03 affected at 3.8.1 Update 04 affected at 3.9.1 Update 01 affected at 3.9.1 Update 02 affected at 3.9.1 Update 03 affected at 3.9.1 Update 04 affected at 3.10 Update 01 affected at 3.4.2 Update 01 affected at 3.6.0 Update 04 affected at 3.6.0 Update 02 affected at 3.6.0 Update 03 affected at 3.6.0 Update 01 affected at 3.5.1 Update 03 affected at 3.5.1 Update 01 affected at 3.5.1 Update 02 affected at 3.7.0 Update 03 affected at 2.2.3 Update 05 affected at 2.2.3 Update 04 affected at 2.2.3 Update 06 affected at 2.2.3 Update 03 affected at 2.2.3 Update 02 affected at 2.2.1 Update 01 affected at 2.2.2 Update 03 affected at 2.2.2 Update 04 affected at 3.8.0 Update 01 affected at 3.8.0 Update 02 affected at 3.7.1 Update 01 affected at 3.7.1 Update 02 affected at 3.7.1 Update 05 affected at 3.9.0 Update 01 affected at 3.3.0 Update 01 affected at 3.4.1 Update 02 affected at 3.4.1 Update 01 affected at 3.5.0 Update 03 affected at 3.5.0 Update 01 affected at 3.5.0 Update 02 affected at 3.10.4 affected at 3.10.4 Update 01 affected at 3.10.4 Update 02 affected at 3.10.4 Update 03 affected at 3.10.5 affected at 3.10.6 affected at 3.10.6 Update 01 |
Cisco Prime Infrastructure |
لیست محصولات بروز شده
| Versions | Product |
| 8.0.1
8.1.1 |
Cisco Evolved Programmable Network Manager (EPNM) |
| 3.10.6 Security Update 02 | Cisco Prime Infrastructure |
نتیجه گیری
به کاربران توصیه می شود در اسرع وقت به نسخه های پچ شده به روزرسانی کرده و دسترسی های API را محدود کنند.
منابع
- https://www.cve.org/CVERecord?id=CVE-2025-20272
- https://www.cvedetails.com/cve/CVE-2025-20272/
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb
- https://vulmon.com/vulnerabilitydetails?qid=CVE-2025-20272
- https://vuldb.com/?id.316691
- https://nvd.nist.gov/vuln/detail/CVE-2025-20272
- https://cwe.mitre.org/data/definitions/89.html
