CVE-2026-20189
MEDIUMCisco Prime Infrastructure Information Disclosure Vulnerability
Title source: cnaDescription
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.
References (1)
Core 1
Core References
cisco-sa-pi-unauth-infodiscl-LFnLgmey
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey
Scores
CVSS v3
4.3
EPSS
0.0004
EPSS Percentile
11.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (50)
Cisco/Cisco Prime Infrastructure
3.10
Cisco/Cisco Prime Infrastructure
3.10 Update 01
Cisco/Cisco Prime Infrastructure
3.10.0
Cisco/Cisco Prime Infrastructure
3.10.1
Cisco/Cisco Prime Infrastructure
3.10.2
Cisco/Cisco Prime Infrastructure
3.10.3
Cisco/Cisco Prime Infrastructure
3.10.4
Cisco/Cisco Prime Infrastructure
3.10.4 Update 01
Cisco/Cisco Prime Infrastructure
3.10.4 Update 02
Cisco/Cisco Prime Infrastructure
3.10.4 Update 03
... and 40 more
Published
May 06, 2026
Tracked Since
May 06, 2026