Prime Collaboration Provisioning Security Vulnerabilities
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this...
6.5CVSS
7AI Score
0.001EPSS
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability...
7.5CVSS
6.9AI Score
0.002EPSS
A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could....
9.8CVSS
7.4AI Score
0.005EPSS
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could...
9.8CVSS
7.4AI Score
0.005EPSS
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could...
9.8CVSS
7AI Score
0.004EPSS
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an...
8.8CVSS
7.1AI Score
0.002EPSS
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this.....
9.8CVSS
8.1AI Score
0.003EPSS
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access...
8.8CVSS
7AI Score
0.002EPSS
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by.....
8.4CVSS
9.2AI Score
0.001EPSS
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by.....
7.5CVSS
7AI Score
0.002EPSS
A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The....
8.1CVSS
7.4AI Score
0.001EPSS
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could....
6.5CVSS
6.9AI Score
0.001EPSS
A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit...
6.5CVSS
6.4AI Score
0.001EPSS
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could.....
8.8CVSS
7.4AI Score
0.002EPSS
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
6.5CVSS
7AI Score
0.001EPSS
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected...
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases:...
5.5CVSS
6.4AI Score
0.0004EPSS
A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases:...
5.1CVSS
6.5AI Score
0.001EPSS
A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases:...
5.9CVSS
6.9AI Score
0.002EPSS
A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected...
6.5CVSS
6.8AI Score
0.001EPSS
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of...
6.5CVSS
6.4AI Score
0.006EPSS
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation.....
6.5CVSS
6.4AI Score
0.006EPSS
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation.....
6.5CVSS
6.4AI Score
0.069EPSS
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of...
7.5CVSS
7.2AI Score
0.527EPSS
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods,...
9.8CVSS
9.7AI Score
0.762EPSS
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066...
6.1CVSS
6.1AI Score
0.002EPSS
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID...
9.8CVSS
9AI Score
0.004EPSS
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID...
8.1AI Score
0.001EPSS
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID...
6.4AI Score
0.002EPSS