
CVE-2017-6759
https://notcve.org/view.php?id=CVE-2017-6759
07 Aug 2017 — A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304. • http://www.securitytracker.com/id/1039062 • CWE-20: Improper Input Validation •

CVE-2017-6755
https://notcve.org/view.php?id=CVE-2017-6755
25 Jul 2017 — A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-6706
https://notcve.org/view.php?id=CVE-2017-6706
04 Jul 2017 — A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-6703
https://notcve.org/view.php?id=CVE-2017-6703
04 Jul 2017 — A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99224 • CWE-287: Improper Authentication •

CVE-2017-6704
https://notcve.org/view.php?id=CVE-2017-6704
04 Jul 2017 — A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99223 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2017-6705
https://notcve.org/view.php?id=CVE-2017-6705
04 Jul 2017 — A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99206 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-6659
https://notcve.org/view.php?id=CVE-2017-6659
13 Jun 2017 — A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. • http://www.securityfocus.com/bid/98970 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2017-6635 – Cisco Prime Collaboration Provisioning licensestatus Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2017-6635
22 May 2017 — A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques... • http://www.securityfocus.com/bid/98535 • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization •

CVE-2017-6636 – Cisco Prime Collaboration Provisioning Logs Directory Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-6636
22 May 2017 — A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to ... • http://www.securityfocus.com/bid/98526 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2017-6637 – Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2017-6637
22 May 2017 — A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques... • http://www.securityfocus.com/bid/98530 • CWE-20: Improper Input Validation • CWE-264: Permissions, Privileges, and Access Controls •