Lucene search
K
CiscoPrime Collaboration Assurance

20 matches found

CVE
CVE
added 2018/06/07 12:0 p.m.72 views

CVE-2018-0321

CVE-2018-0321 describes an unauthenticated remote access vulnerability in Cisco Prime Collaboration Provisioning (PCP) caused by an open port in the Network Interface and Configuration Engine (NICE) that exposes the Java RMI system. A remote attacker could access the RMI interface on affected PCP...

9.8CVSS9.4AI score0.03618EPSS
CVE
CVE
added 2018/06/07 12:0 p.m.69 views

CVE-2017-6779

CVE-2017-6779 affects multiple Cisco VOS-based products (Emergency Responder, Finesse, UCM family, Unity Connection, UIC, SME, UCCx, MediaSense, Prime products, and related). Root cause: system log file has no maximum size limit, enabling an unauthenticated, remote attacker to cause high disk uti...

7.8CVSS7.5AI score0.01984EPSS
CVE
CVE
added 2018/03/08 7:0 a.m.68 views

CVE-2018-0141

Cisco Prime Collaboration Provisioning (PCP) Software 11.6 is affected by CVE-2018-0141, a hard-coded SSH password vulnerability that allows an unauthenticated, local attacker to log into the PCP host and gain low-privilege OS access, then escalate to root privileges. The issue stems from a hard-...

8.4CVSS8.8AI score0.00425EPSS
CVE
CVE
added 2019/05/03 4:40 p.m.61 views

CVE-2019-1856

Cisco Prime Collaboration Assurance (PCA) web-based management interface vulnerability (CVE-2019-1856) allows unauthenticated remote attackers to perform cross-site scripting (XSS) by abusing insufficient validation of data from external devices. A successful exploit could execute arbitrary scrip...

6.1CVSS6.2AI score0.01067EPSS
CVE
CVE
added 2015/09/20 1:0 a.m.58 views

CVE-2015-4306

Cisco Prime Collaboration Assurance web framework before 10.5.1.53684-1 is vulnerable to a session-ID-based escalation where remote authenticated users can bypass login restrictions and impersonate administrators for arbitrary tenant domains via crafted URLs (CVE-2015-4306; related CVEs 4304/4305...

8.5CVSS6.4AI score0.02279EPSS
CVE
CVE
added 2017/02/22 2:0 a.m.58 views

CVE-2017-3844

Cisco Prime Collaboration Assurance contains a directory listing vulnerability (CVE-2017-3844) that could allow an authenticated remote attacker to enumerate and download files via crafted HTTP requests. Affected firmware: PCP versions 11.0, 11.1, and 11.5 (11.5(0) specifically listed); releases ...

4.3CVSS4.9AI score0.0149EPSS
CVE
CVE
added 2018/10/17 10:0 p.m.56 views

CVE-2018-15438

CVE-2018-15438 concerns Cisco Prime Collaboration Assurance and its web-based management interface. The issue is a CSRF vulnerability arising from insufficient CSRF protections, enabling an unauthenticated, remote attacker to persuade a user to click a malicious link and perform arbitrary actions...

6.5CVSS6.8AI score0.01169EPSS
CVE
CVE
added 2019/02/21 5:0 p.m.56 views

CVE-2019-1662

CVE-2019-1662 concerns Cisco Prime Collaboration Assurance (PCA) software, specifically the Quality of Voice Reporting (QOVR) service. Affected releases are PCA before 12.1 SP2. The vulnerability stems from insufficient authentication controls, allowing an unauthenticated, remote attacker to conn...

9.1CVSS8.5AI score0.01781EPSS
CVE
CVE
added 2015/09/20 1:0 a.m.54 views

CVE-2015-4304

CVE-2015-4304 — Cisco Prime Collaboration Assurance : The web framework (Cisco Prime Collaboration Assurance) before 10.5.1.53684-1 contains an authorization/access control flaw in its web framework that allows an authenticated remote attacker to bypass restrictions via a crafted URL. This can en...

9CVSS6.4AI score0.02644EPSS
CVE
CVE
added 2015/10/13 12:0 a.m.54 views

CVE-2015-6328

CVE-2015-6328 affects Cisco Prime Collaboration Assurance (PCA) 10.5(1). The web framework allows remote authenticated users to bypass access controls and read arbitrary files via a crafted URL (information disclosure). This is due to incorrect implementation of access control in the PCA web comp...

6.8CVSS6.4AI score0.01885EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.54 views

CVE-2017-6659

CVE-2017-6659 concerns Cisco Prime Collaboration Assurance’s web-based management interface. A CSRF vulnerability could allow an unauthenticated, remote attacker to perform arbitrary actions on an affected device due to insufficient CSRF protections. Affected releases are 11.5(0) and 11.6. The is...

8.8CVSS8.8AI score0.00797EPSS
CVE
CVE
added 2017/02/22 2:0 a.m.52 views

CVE-2017-3843

Cisco Prime Collaboration Assurance is affected by CVE-2017-3843. The vulnerability resides in the product’s file download functions and stems from a lack of proper input validation of HTTP requests, allowing an authenticated, remote attacker to download restricted system files. The known affecte...

4.3CVSS5AI score0.0149EPSS
CVE
CVE
added 2016/05/05 9:0 p.m.50 views

CVE-2016-1392

Cisco Prime Collaboration Assurance Software versions 10.5–11.0 suffer an open redirect vulnerability in the web interface due to improper input validation of HTTP request parameters. An unauthenticated, remote attacker could entice a user to click a crafted link and redirect them to a malicious ...

7.4CVSS7.3AI score0.01002EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.50 views

CVE-2018-0458

CVE-2018-0458 affects Cisco Prime Collaboration Assurance (PCA) web-based management interface. The vulnerability stems from insufficient validation of user-supplied input, enabling unauthenticated, remote attackers to conduct a cross-site scripting (XSS) attack by tricking a user into clicking a...

6.1CVSS6AI score0.01783EPSS
CVE
CVE
added 2015/10/12 10:0 a.m.48 views

CVE-2015-6331

CVE-2015-6331 is a SQL injection vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA). The issue affects PCA 10.5.1.x before 10.5.1.58480, with an authenticated remote attacker able to inject or manipulate SQL via input used in backend queries, potentially exposing or m...

6.5CVSS8.2AI score0.01592EPSS
CVE
CVE
added 2015/12/13 2:0 a.m.45 views

CVE-2015-6389

Cisco Prime Collaboration Assurance before 11.0 is affected by CVE-2015-6389 due to a hardcoded cmuser account. An undocumented default account with a known password enables remote SSH login, granting access with limited permissions. Root cause: installation creates a persistent, unchangeable cmu...

9CVSS6.8AI score0.02601EPSS
CVE
CVE
added 2016/12/14 12:37 a.m.45 views

CVE-2016-9200

Cisco Prime Collaboration Assurance is affected by an XSS vulnerability in its web framework code. The issue allows an unauthenticated, remote attacker to inject scripts via web input due to insufficient input validation, potentially impacting users of the web interface. Affected releases include...

6.1CVSS6AI score0.01799EPSS
CVE
CVE
added 2017/02/22 2:0 a.m.45 views

CVE-2017-3845

CVE-2017-3845 concerns a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance. Affected: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 (11.5(0) affected); earlier than 11.0 not vulnerable. Root cause: in...

6.1CVSS5.9AI score0.01543EPSS
CVE
CVE
added 2015/09/20 1:0 a.m.44 views

CVE-2015-4305

Cisco Prime Collaboration Assurance before 10.5.1.53684-1 contains an information-disclosure vulnerability in the web framework where authenticated, remote attackers can bypass read restrictions via a crafted URL to obtain credentials and SNMP community strings for devices imported into the syste...

4CVSS6.4AI score0.01943EPSS
CVE
CVE
added 2015/11/18 11:0 a.m.42 views

CVE-2015-6330

Cisco Prime Collaboration Assurance (versions 10.5(1) and 10.6) is affected by a CSRF vulnerability in its web interface due to insufficient CSRF protections. This could allow a remote, unauthenticated attacker to hijack the authentication of arbitrary users by enticing them to visit a crafted li...

6.8CVSS7.4AI score0.00587EPSS