CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1662 – Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability
https://notcve.org/view.php?id=CVE-2019-1662
A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2. • http://www.securityfocus.com/bid/107096 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6779
https://notcve.org/view.php?id=CVE-2017-6779
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •