Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Prime_collaboration
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-07 | CVE-2018-0319 | A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level... | Prime_collaboration, Prime_collaboration_provisioning | 9.8 | ||
| 2018-06-07 | CVE-2018-0318 | A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges... | Prime_collaboration, Prime_collaboration_provisioning | 9.8 | ||
| 2018-06-07 | CVE-2018-0317 | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2... | Prime_collaboration, Prime_collaboration_provisioning | 8.8 | ||
| 2018-03-08 | CVE-2018-0141 | A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged... | Prime_collaboration, Prime_collaboration_assurance, Prime_collaboration_provisioning | 8.4 | ||
| 2016-02-12 | CVE-2016-1320 | The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. | Prime_collaboration | 6.7 | ||
| 2015-07-18 | CVE-2015-4280 | Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. | Prime_collaboration | N/A | ||
| 2015-06-17 | CVE-2015-4188 | SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. | Prime_collaboration | N/A | ||
| 2013-12-03 | CVE-2013-6690 | Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161. | Prime_collaboration | N/A | ||
| 2013-04-29 | CVE-2013-1196 | The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs... | Application_networking_manager, Context_directory_agent, Identity_services_engine_software, Network_services_manager, Prime_collaboration, Prime_data_center_network_manager, Prime_lan_management_solution, Prime_network_control_system, Quad, Secure_access_control_system, Unified_provisioning_manager | N/A | ||
| 2013-02-19 | CVE-2013-1125 | The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025,... | Application_networking_manager, Context_directory_agent, Identity_services_engine_software, Network_services_manager, Prime_collaboration, Prime_lan_management_solution, Prime_network_control_system, Quad, Secure_access_control_system, Unified_provisioning_manager | N/A |