
CVE-2018-0321
https://notcve.org/view.php?id=CVE-2018-0321
07 Jun 2018 — A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This ... • http://www.securityfocus.com/bid/104409 • CWE-287: Improper Authentication •

CVE-2018-0141
https://notcve.org/view.php?id=CVE-2018-0141
08 Mar 2018 — A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low... • http://www.securityfocus.com/bid/103329 • CWE-798: Use of Hard-coded Credentials •

CVE-2018-0204
https://notcve.org/view.php?id=CVE-2018-0204
22 Feb 2018 — A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by using a brute-force attack (Repeated Bad Login Attempts). A successful exploit could allow the attacker to restrict user access. Manual administrative intervention is required to restore access. • http://www.securityfocus.com/bid/103150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-521: Weak Password Requirements •

CVE-2018-0205
https://notcve.org/view.php?id=CVE-2018-0205
22 Feb 2018 — A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by placing a malicious string in the Prime Collaboration Provisioning database. A successful exploit could allow the attacker to access Cisco Prime Collaboration Provisioning by injecting crafted data into the database. ... • http://www.securityfocus.com/bid/103145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-12276
https://notcve.org/view.php?id=CVE-2017-12276
02 Nov 2017 — A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by se... • http://www.securityfocus.com/bid/101640 • CWE-20: Improper Input Validation • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2017-6756
https://notcve.org/view.php?id=CVE-2017-6756
07 Aug 2017 — A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280. • http://www.securityfocus.com/bid/100112 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2017-6759
https://notcve.org/view.php?id=CVE-2017-6759
07 Aug 2017 — A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304. • http://www.securitytracker.com/id/1039062 • CWE-20: Improper Input Validation •

CVE-2017-6755
https://notcve.org/view.php?id=CVE-2017-6755
25 Jul 2017 — A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-6704
https://notcve.org/view.php?id=CVE-2017-6704
04 Jul 2017 — A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99223 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2017-6703
https://notcve.org/view.php?id=CVE-2017-6703
04 Jul 2017 — A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99224 • CWE-287: Improper Authentication •