CVE-2018-0317
https://notcve.org/view.php?id=CVE-2018-0317
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior.
• http://www.securityfocus.com/bid/104432
• http://www.securitytracker.com/id/1041080
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-862: Missing Authorization
CVE-2018-0318
https://notcve.org/view.php?id=CVE-2018-0318
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior.
• http://www.securityfocus.com/bid/104434
• http://www.securitytracker.com/id/1041082
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset
• CWE-255: Credentials Management Errors
• CWE-287: Improper Authentication
CVE-2016-1320
https://notcve.org/view.php?id=CVE-2016-1320
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160209-pcp
• https://www.tenable.com/security/research/tra-2016-38
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-4188
https://notcve.org/view.php?id=CVE-2015-4188
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
• http://tools.cisco.com/security/center/viewAlert.x?alertId=39365
• http://www.securityfocus.com/bid/75268
• http://www.securitytracker.com/id/1032592
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')