CVE-2019-1821
CVE-2019-1821 affects Cisco Prime Infrastructure (PI) / Evolved Programmable Network Manager (EPNM) Health Monitor HA components. The issue is a TarArchive Directory Traversal in the Health Monitor’s upload path that allows a remote attacker to trigger arbitrary commands via the UploadServlet (th...
CVE-2019-1976
Cisco Industrial Network Director (IND) is affected by a vulnerability in the plug‑and‑play services component that allows an unauthenticated, remote attacker to access sensitive information via the web management interface. The root cause is improper access restrictions, enabling an attacker to ...
CVE-2019-15973
Cisco Industrial Network Director (IND) web-based management interface is affected by a reflected Cross-Site Scripting (XSS) vulnerability (CVE-2019-15973). The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to lure a user into click...
CVE-2020-3567
CVE-2020-3567 affects Cisco Industrial Network Director (IND) via the management REST API. Affected versions prior to 1.9.0 (per CNVD entry) expose a vulnerability where insufficient validation of REST requests allows an authenticated, remote attacker to trigger high CPU utilization, causing a pe...
CVE-2019-1823
CVE-2019-1823 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interface. The issue allows an authenticated, remote attacker to execute code with root-level privileges on the underlying OS by uploading a crafted file via the adminis...
CVE-2019-1825
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interfaces are affected by CVE-2019-1825 due to improper validation of user-supplied input in SQL queries. The vulnerability could allow an authenticated, remote attacker to execute arbitrary...
CVE-2018-0446
Cisco Industrial Network Director's web-based management interface is affected by a Cross-Site Request Forgery (CSRF) vulnerability due to insufficient protections. An unauthenticated remote attacker could coax a logged-in user to visit a malicious link, enabling arbitrary actions on the device w...