A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data....
9.8CVSS
9.4AI Score
0.004EPSS
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to....
5.9CVSS
7.2AI Score
0.001EPSS
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could...
6.1CVSS
6.8AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of.....
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases:...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack...
6.1CVSS
5.8AI Score
0.001EPSS
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases:...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More...
5.4CVSS
7.4AI Score
0.001EPSS
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker....
8CVSS
7.9AI Score
0.015EPSS
A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of...
6.1CVSS
6.1AI Score
0.002EPSS
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known...
6.1CVSS
5.9AI Score
0.002EPSS
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional.....
6.5CVSS
6.4AI Score
0.001EPSS
An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases:....
5.4CVSS
6.7AI Score
0.001EPSS
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...
8.8CVSS
8.4AI Score
0.002EPSS
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different....
4.3CVSS
5.2AI Score
0.003EPSS
The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID...
8.8CVSS
8.7AI Score
0.002EPSS
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID...
9.8CVSS
9.3AI Score
0.011EPSS
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID...
8.8CVSS
8.6AI Score
0.002EPSS
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...
8.8CVSS
8.3AI Score
0.001EPSS
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID...
8.1CVSS
7.8AI Score
0.001EPSS
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID...
9.8CVSS
9.6AI Score
0.047EPSS
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID.....
6.4CVSS
6.3AI Score
0.001EPSS
Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID...
8.8CVSS
8.5AI Score
0.002EPSS
Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID...
6.1CVSS
4.8AI Score
0.001EPSS
Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID...
7.3AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and...
7.4AI Score
0.001EPSS
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID...
6.7AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID...
5.9AI Score
0.002EPSS
The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka.....
6.5AI Score
0.004EPSS
Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID...
7.4AI Score
0.002EPSS
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID...
6.6AI Score
0.001EPSS
Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID...
7.5AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID...
5.9AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID...
7.4AI Score
0.001EPSS