CVE-2018-0318
https://notcve.org/view.php?id=CVE-2018-0318
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior.
• http://www.securityfocus.com/bid/104434
• http://www.securitytracker.com/id/1041082
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset
• CWE-255: Credentials Management Errors
• CWE-287: Improper Authentication
CVE-2018-0141
https://notcve.org/view.php?id=CVE-2018-0141
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device.
• http://www.securityfocus.com/bid/103329
• http://www.securitytracker.com/id/1040462
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp
• CWE-798: Use of Hard-coded Credentials
CVE-2016-1320
https://notcve.org/view.php?id=CVE-2016-1320
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160209-pcp
• https://www.tenable.com/security/research/tra-2016-38
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-4280
https://notcve.org/view.php?id=CVE-2015-4280
Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844.
• http://tools.cisco.com/security/center/viewAlert.x?alertId=40003
• http://www.securityfocus.com/bid/75931
• http://www.securitytracker.com/id/1032968
• CWE-399: Resource Management Errors
CVE-2015-4188
https://notcve.org/view.php?id=CVE-2015-4188
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
• http://tools.cisco.com/security/center/viewAlert.x?alertId=39365
• http://www.securityfocus.com/bid/75268
• http://www.securitytracker.com/id/1032592
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')