Design/Logic Flaw

The Device Work Center DWC component in Cisco Prime Network Control System NCS 2.10.0.85, 2.20.0.58, and 2.20.0.69 does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System NCS and Wireless Control System WCS allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375...

CVE-2012-5990

Multiple cross-site scripting XSS vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System NCS and Wireless Control System WCS allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375...

CVE-2012-5990

CVE-2012-5990 describes reflected XSS in the Health Monitor login pages of Cisco Prime NCS/WCS. Affected component: Health Monitor Login pages. Root cause: input validation error leading to reflection of HTML/script (CWE-79). Impact stated: attacker can execute arbitrary script in the user’s brow...

Cisco Prime Network Control System Version

The remote host is running Cisco Prime Network Control System NCS, a network management system. It is possible to get the Prime NCS version number via SSH or SNMP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66860; scriptversion"1.3"; scriptcvsdate"Date:...

Default credentials

The Cisco Prime Network Control System NCS appliance with software before 1.1.1.24 has a default password for the database user account, which makes it easier for remote attackers to change the configuration or cause a denial of service service disruption via unspecified vectors, aka Bug ID...