CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0318
https://notcve.org/view.php?id=CVE-2018-0318
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. • http://www.securityfocus.com/bid/104434 http://www.securitytracker.com/id/1041082 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset • CWE-255: Credentials Management Errors CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1320
https://notcve.org/view.php?id=CVE-2016-1320
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. El CLI en Cisco Prime Collaboration 9.0 y 11.0 permite a usuarios locales ejecutar comandos SO arbitrarios como root aprovechando privilegios de administrador, también conocida como Bug ID CSCux69286. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160209-pcp https://www.tenable.com/security/research/tra-2016-38 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •