Lucene search
K
CiscoPrime Collaboration

18 matches found

CVE
CVE
added 2018/06/07 12:0 p.m.72 views

CVE-2018-0321

CVE-2018-0321 describes an unauthenticated remote access vulnerability in Cisco Prime Collaboration Provisioning (PCP) caused by an open port in the Network Interface and Configuration Engine (NICE) that exposes the Java RMI system. A remote attacker could access the RMI interface on affected PCP...

9.8CVSS9.4AI score0.03618EPSS
CVE
CVE
added 2018/03/08 7:0 a.m.68 views

CVE-2018-0141

Cisco Prime Collaboration Provisioning (PCP) Software 11.6 is affected by CVE-2018-0141, a hard-coded SSH password vulnerability that allows an unauthenticated, local attacker to log into the PCP host and gain low-privilege OS access, then escalate to root privileges. The issue stems from a hard-...

8.4CVSS8.8AI score0.00434EPSS
CVE
CVE
added 2013/02/19 11:0 p.m.65 views

CVE-2013-1125

Summary: CVE-2013-1125 affects Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, an...

6.8CVSS6.3AI score0.003EPSS
CVE
CVE
added 2013/04/29 9:0 p.m.63 views

CVE-2013-1196

The CVE-2013-1196 entry involves multiple Cisco products (ACS, Identity Services Engine, ANM, LMS, Prime NSM/DCNM, Quad, etc.) where the command-line interface does not properly validate input, allowing local users to obtain root privileges via unspecified vectors. Connected documents corroborate...

6.8CVSS6.3AI score0.003EPSS
CVE
CVE
added 2015/07/18 10:0 a.m.62 views

CVE-2015-4280

Cisco Prime Collaboration Assurance 10.0 is affected by CVE-2015-4280. The vulnerability arises from improper handling of crafted HTTP requests to the web interface, allowing a remote, unauthenticated attacker to cause the web UI to become unresponsive (DoS). Impact is described as partial availa...

5CVSS6.8AI score0.0236EPSS
CVE
CVE
added 2018/06/07 12:0 p.m.62 views

CVE-2018-0317

CVE-2018-0317 concerns Cisco Prime Collaboration Provisioning (PCP) web interface authentication/authorization. The issue, present in PCP Releases 12.2 and earlier, stems from insufficient web portal access control checks, enabling an authenticated, remote attacker to modify an access request and...

8.8CVSS8.7AI score0.02648EPSS
CVE
CVE
added 2018/06/07 12:0 p.m.58 views

CVE-2018-0322

CVE-2018-0322 affects Cisco Prime Collaboration Provisioning (PCP) — releases up to 12.1. The issue is an access-control flaw in the web management interface, where authentication for Help Desk and User Provisioning roles is not properly enforced, allowing an authenticated attacker to modify priv...

8.8CVSS8.6AI score0.02625EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.57 views

CVE-2018-15389

Cisco Prime Collaboration Provisioning (PCP) contains a vulnerability in its install function that allows an unauthenticated, remote attacker to reach the administrative web interface by using a default hard-coded username/password used during install. This can grant administrator-level access. M...

9.8CVSS9.6AI score0.01511EPSS
CVE
CVE
added 2018/06/07 12:0 p.m.54 views

CVE-2018-0318

Cisco Prime Collaboration Provisioning (PCP) Password Reset Vulnerability (CVE-2018-0318) allows an unauthenticated, remote attacker to gain administrative privileges by abusing weak validation in the password reset function. Affected releases: PCP 11.6 and prior. The issue stems from insufficien...

9.8CVSS9.5AI score0.03156EPSS
CVE
CVE
added 2018/06/07 12:0 p.m.52 views

CVE-2018-0320

Cisco Prime Collaboration Provisioning (PCP) SQL Injection (CVE-2018-0320) affects PCP releases 12.1 and earlier. The root cause is lack of proper validation of user-supplied input in SQL queries within the web framework code, enabling an unauthenticated, remote attacker to execute arbitrary SQL ...

9.8CVSS9.6AI score0.04056EPSS
CVE
CVE
added 2018/11/08 8:0 p.m.52 views

CVE-2018-15450

Cisco Prime Collaboration Assurance (PCA) web-based UI is affected by a vulnerability that allows an authenticated, remote attacker to overwrite files on the filesystem due to insufficient input validation. The issue arises when a crafted value is supplied in a UI input field to specify a path lo...

6.5CVSS6.3AI score0.02538EPSS
CVE
CVE
added 2018/06/07 9:0 p.m.50 views

CVE-2018-0335

Cisco Prime Collaboration Provisioning is affected by an information-disclosure vulnerability in its Web portal authentication. The issue stems from improper logging of authentication data, allowing a local, unauthenticated attacker to monitor a world-readable file to obtain plaintext passwords a...

7.8CVSS7.6AI score0.00413EPSS
CVE
CVE
added 2018/06/07 9:0 p.m.50 views

CVE-2018-0336

The CVE-2018-0336 issue affects Cisco Prime Collaboration Provisioning’s batch provisioning feature. The root cause is insufficient authorization enforcement on batch processing, allowing an authenticated, remote attacker to upload a batch file and have it processed, which could escalate privileg...

8.8CVSS8.6AI score0.02415EPSS
CVE
CVE
added 2018/08/01 8:0 p.m.50 views

CVE-2018-0391

The CVE-2018-0391 issue affects Cisco Prime Collaboration Provisioning (PCP) prior to 12.3, with the root cause being insufficient validation of a password-change request in the authentication flow. A remote attacker could cause the targeted device to become inoperable, resulting in a DoS conditi...

6.8CVSS6.5AI score0.02714EPSS
CVE
CVE
added 2018/06/07 12:0 p.m.49 views

CVE-2018-0319

CVE-2018-0319 affects Cisco Prime Collaboration Provisioning (PCP) Password Recovery. The root cause is insufficient validation of a password recovery request, allowing an unauthenticated remote attacker to submit a recovery request, change the password for any user, and potentially gain administ...

9.8CVSS9.5AI score0.03156EPSS
CVE
CVE
added 2015/06/17 10:0 a.m.47 views

CVE-2015-4188

Cisco Prime Collaboration Manager SQL Injection (CVE-2015-4188) affects the Manager interface of Cisco Prime Collaboration 10.5(1). A lack of input validation on user-supplied input in SQL queries allows remote attackers to craft URLs to execute arbitrary SQL commands, potentially exposing or man...

5CVSS8.6AI score0.0186EPSS
CVE
CVE
added 2016/02/12 1:0 a.m.47 views

CVE-2016-1320

CVE-2016-1320 : The Cisco Prime Collaboration CLI on version 9.0 and 11.0 is vulnerable to a local privilege escalation due to insufficient input sanitization, allowing a user with administrator privileges to execute arbitrary OS commands as root. The issue, tracked as Bug ID CSCux69286, affects ...

6.8CVSS6.8AI score0.00358EPSS
CVE
CVE
added 2013/12/03 7:0 p.m.40 views

CVE-2013-6690

CVE-2013-6690 affects the Cisco Prime Collaboration Assurance web interface. The vulnerability is an XSS due to insufficient input validation, enabling unauthenticated remote attackers to inject arbitrary client-side script via unspecified vectors (e.g., via malicious links or attacker-controlled...

4.3CVSS5.9AI score0.02082EPSS