18 matches found
CVE-2018-0321
CVE-2018-0321 describes an unauthenticated remote access vulnerability in Cisco Prime Collaboration Provisioning (PCP) caused by an open port in the Network Interface and Configuration Engine (NICE) that exposes the Java RMI system. A remote attacker could access the RMI interface on affected PCP...
CVE-2018-0141
Cisco Prime Collaboration Provisioning (PCP) Software 11.6 is affected by CVE-2018-0141, a hard-coded SSH password vulnerability that allows an unauthenticated, local attacker to log into the PCP host and gain low-privilege OS access, then escalate to root privileges. The issue stems from a hard-...
CVE-2013-1125
Summary: CVE-2013-1125 affects Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, an...
CVE-2013-1196
The CVE-2013-1196 entry involves multiple Cisco products (ACS, Identity Services Engine, ANM, LMS, Prime NSM/DCNM, Quad, etc.) where the command-line interface does not properly validate input, allowing local users to obtain root privileges via unspecified vectors. Connected documents corroborate...
CVE-2015-4280
Cisco Prime Collaboration Assurance 10.0 is affected by CVE-2015-4280. The vulnerability arises from improper handling of crafted HTTP requests to the web interface, allowing a remote, unauthenticated attacker to cause the web UI to become unresponsive (DoS). Impact is described as partial availa...
CVE-2018-0317
CVE-2018-0317 concerns Cisco Prime Collaboration Provisioning (PCP) web interface authentication/authorization. The issue, present in PCP Releases 12.2 and earlier, stems from insufficient web portal access control checks, enabling an authenticated, remote attacker to modify an access request and...
CVE-2018-0322
CVE-2018-0322 affects Cisco Prime Collaboration Provisioning (PCP) — releases up to 12.1. The issue is an access-control flaw in the web management interface, where authentication for Help Desk and User Provisioning roles is not properly enforced, allowing an authenticated attacker to modify priv...
CVE-2018-15389
Cisco Prime Collaboration Provisioning (PCP) contains a vulnerability in its install function that allows an unauthenticated, remote attacker to reach the administrative web interface by using a default hard-coded username/password used during install. This can grant administrator-level access. M...
CVE-2018-0318
Cisco Prime Collaboration Provisioning (PCP) Password Reset Vulnerability (CVE-2018-0318) allows an unauthenticated, remote attacker to gain administrative privileges by abusing weak validation in the password reset function. Affected releases: PCP 11.6 and prior. The issue stems from insufficien...
CVE-2018-0320
Cisco Prime Collaboration Provisioning (PCP) SQL Injection (CVE-2018-0320) affects PCP releases 12.1 and earlier. The root cause is lack of proper validation of user-supplied input in SQL queries within the web framework code, enabling an unauthenticated, remote attacker to execute arbitrary SQL ...
CVE-2018-15450
Cisco Prime Collaboration Assurance (PCA) web-based UI is affected by a vulnerability that allows an authenticated, remote attacker to overwrite files on the filesystem due to insufficient input validation. The issue arises when a crafted value is supplied in a UI input field to specify a path lo...
CVE-2018-0335
Cisco Prime Collaboration Provisioning is affected by an information-disclosure vulnerability in its Web portal authentication. The issue stems from improper logging of authentication data, allowing a local, unauthenticated attacker to monitor a world-readable file to obtain plaintext passwords a...
CVE-2018-0336
The CVE-2018-0336 issue affects Cisco Prime Collaboration Provisioning’s batch provisioning feature. The root cause is insufficient authorization enforcement on batch processing, allowing an authenticated, remote attacker to upload a batch file and have it processed, which could escalate privileg...
CVE-2018-0391
The CVE-2018-0391 issue affects Cisco Prime Collaboration Provisioning (PCP) prior to 12.3, with the root cause being insufficient validation of a password-change request in the authentication flow. A remote attacker could cause the targeted device to become inoperable, resulting in a DoS conditi...
CVE-2018-0319
CVE-2018-0319 affects Cisco Prime Collaboration Provisioning (PCP) Password Recovery. The root cause is insufficient validation of a password recovery request, allowing an unauthenticated remote attacker to submit a recovery request, change the password for any user, and potentially gain administ...
CVE-2015-4188
Cisco Prime Collaboration Manager SQL Injection (CVE-2015-4188) affects the Manager interface of Cisco Prime Collaboration 10.5(1). A lack of input validation on user-supplied input in SQL queries allows remote attackers to craft URLs to execute arbitrary SQL commands, potentially exposing or man...
CVE-2016-1320
CVE-2016-1320 : The Cisco Prime Collaboration CLI on version 9.0 and 11.0 is vulnerable to a local privilege escalation due to insufficient input sanitization, allowing a user with administrator privileges to execute arbitrary OS commands as root. The issue, tracked as Bug ID CSCux69286, affects ...
CVE-2013-6690
CVE-2013-6690 affects the Cisco Prime Collaboration Assurance web interface. The vulnerability is an XSS due to insufficient input validation, enabling unauthenticated remote attackers to inject arbitrary client-side script via unspecified vectors (e.g., via malicious links or attacker-controlled...