Page 2 of 21 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges. Una vulnerabilidad en la función de instalación de Cisco Prime Collaboration Provisioning (PCP) podría permitir que un atacante remoto no autenticado acceda a la interfaz web de administración mediante un usuario y contraseña por defecto embebidos empleados durante la instalación. La vulnerabilidad se debe a una contraseña embebida que, en algunos casos, no se reemplaza con una contraseña única. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password • CWE-255: Credentials Management Errors CWE-798: Use of Hard-coded Credentials •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. • http://www.securityfocus.com/bid/104942 http://www.securitytracker.com/id/1041409 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos • CWE-285: Improper Authorization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578. • http://www.securityfocus.com/bid/104429 http://www.securitytracker.com/id/1041083 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalation • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. This failure could allow an authenticated attacker to modify critical attributes of higher-privileged accounts on the device. A successful exploit could allow the attacker to gain elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. • http://www.securityfocus.com/bid/104443 http://www.securitytracker.com/id/1041064 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61754. • http://www.securityfocus.com/bid/104416 http://www.securitytracker.com/id/1041084 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •