20 matches found
CVE-2018-0321
CVE-2018-0321 describes an unauthenticated remote access vulnerability in Cisco Prime Collaboration Provisioning (PCP) caused by an open port in the Network Interface and Configuration Engine (NICE) that exposes the Java RMI system. A remote attacker could access the RMI interface on affected PCP...
CVE-2017-6779
CVE-2017-6779 affects multiple Cisco VOS-based products (Emergency Responder, Finesse, UCM family, Unity Connection, UIC, SME, UCCx, MediaSense, Prime products, and related). Root cause: system log file has no maximum size limit, enabling an unauthenticated, remote attacker to cause high disk uti...
CVE-2018-0141
Cisco Prime Collaboration Provisioning (PCP) Software 11.6 is affected by CVE-2018-0141, a hard-coded SSH password vulnerability that allows an unauthenticated, local attacker to log into the PCP host and gain low-privilege OS access, then escalate to root privileges. The issue stems from a hard-...
CVE-2019-1856
Cisco Prime Collaboration Assurance (PCA) web-based management interface vulnerability (CVE-2019-1856) allows unauthenticated remote attackers to perform cross-site scripting (XSS) by abusing insufficient validation of data from external devices. A successful exploit could execute arbitrary scrip...
CVE-2015-4306
Cisco Prime Collaboration Assurance web framework before 10.5.1.53684-1 is vulnerable to a session-ID-based escalation where remote authenticated users can bypass login restrictions and impersonate administrators for arbitrary tenant domains via crafted URLs (CVE-2015-4306; related CVEs 4304/4305...
CVE-2017-3844
Cisco Prime Collaboration Assurance contains a directory listing vulnerability (CVE-2017-3844) that could allow an authenticated remote attacker to enumerate and download files via crafted HTTP requests. Affected firmware: PCP versions 11.0, 11.1, and 11.5 (11.5(0) specifically listed); releases ...
CVE-2018-15438
CVE-2018-15438 concerns Cisco Prime Collaboration Assurance and its web-based management interface. The issue is a CSRF vulnerability arising from insufficient CSRF protections, enabling an unauthenticated, remote attacker to persuade a user to click a malicious link and perform arbitrary actions...
CVE-2019-1662
CVE-2019-1662 concerns Cisco Prime Collaboration Assurance (PCA) software, specifically the Quality of Voice Reporting (QOVR) service. Affected releases are PCA before 12.1 SP2. The vulnerability stems from insufficient authentication controls, allowing an unauthenticated, remote attacker to conn...
CVE-2015-4304
CVE-2015-4304 — Cisco Prime Collaboration Assurance : The web framework (Cisco Prime Collaboration Assurance) before 10.5.1.53684-1 contains an authorization/access control flaw in its web framework that allows an authenticated remote attacker to bypass restrictions via a crafted URL. This can en...
CVE-2015-6328
CVE-2015-6328 affects Cisco Prime Collaboration Assurance (PCA) 10.5(1). The web framework allows remote authenticated users to bypass access controls and read arbitrary files via a crafted URL (information disclosure). This is due to incorrect implementation of access control in the PCA web comp...
CVE-2017-6659
CVE-2017-6659 concerns Cisco Prime Collaboration Assurance’s web-based management interface. A CSRF vulnerability could allow an unauthenticated, remote attacker to perform arbitrary actions on an affected device due to insufficient CSRF protections. Affected releases are 11.5(0) and 11.6. The is...
CVE-2017-3843
Cisco Prime Collaboration Assurance is affected by CVE-2017-3843. The vulnerability resides in the product’s file download functions and stems from a lack of proper input validation of HTTP requests, allowing an authenticated, remote attacker to download restricted system files. The known affecte...
CVE-2016-1392
Cisco Prime Collaboration Assurance Software versions 10.5–11.0 suffer an open redirect vulnerability in the web interface due to improper input validation of HTTP request parameters. An unauthenticated, remote attacker could entice a user to click a crafted link and redirect them to a malicious ...
CVE-2018-0458
CVE-2018-0458 affects Cisco Prime Collaboration Assurance (PCA) web-based management interface. The vulnerability stems from insufficient validation of user-supplied input, enabling unauthenticated, remote attackers to conduct a cross-site scripting (XSS) attack by tricking a user into clicking a...
CVE-2015-6331
CVE-2015-6331 is a SQL injection vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA). The issue affects PCA 10.5.1.x before 10.5.1.58480, with an authenticated remote attacker able to inject or manipulate SQL via input used in backend queries, potentially exposing or m...
CVE-2015-6389
Cisco Prime Collaboration Assurance before 11.0 is affected by CVE-2015-6389 due to a hardcoded cmuser account. An undocumented default account with a known password enables remote SSH login, granting access with limited permissions. Root cause: installation creates a persistent, unchangeable cmu...
CVE-2016-9200
Cisco Prime Collaboration Assurance is affected by an XSS vulnerability in its web framework code. The issue allows an unauthenticated, remote attacker to inject scripts via web input due to insufficient input validation, potentially impacting users of the web interface. Affected releases include...
CVE-2017-3845
CVE-2017-3845 concerns a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance. Affected: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 (11.5(0) affected); earlier than 11.0 not vulnerable. Root cause: in...
CVE-2015-4305
Cisco Prime Collaboration Assurance before 10.5.1.53684-1 contains an information-disclosure vulnerability in the web framework where authenticated, remote attackers can bypass read restrictions via a crafted URL to obtain credentials and SNMP community strings for devices imported into the syste...
CVE-2015-6330
Cisco Prime Collaboration Assurance (versions 10.5(1) and 10.6) is affected by a CSRF vulnerability in its web interface due to insufficient CSRF protections. This could allow a remote, unauthenticated attacker to hijack the authentication of arbitrary users by enticing them to visit a crafted li...