CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 0CVE-2019-1822 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1822
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker... • http://www.securityfocus.com/bid/108339 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 2%CPEs: 3EXPL: 0CVE-2019-1823 – Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1823
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker... • http://www.securityfocus.com/bid/108339 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1824 – Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1824
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the att... • http://www.securityfocus.com/bid/108337 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1825 – Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1825
16 May 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the att... • http://www.securityfocus.com/bid/108337 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1659 – Cisco Prime Infrastructure Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1659
21 Feb 2019 — A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communication... • http://www.securityfocus.com/bid/107092 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1643 – Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1643
23 Jan 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted l... • http://www.securityfocus.com/bid/106702 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15457 – Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2018-15457
10 Jan 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. ... • http://www.securityfocus.com/bid/106509 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0482 – Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2018-0482
10 Jan 2019 — A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful e... • http://www.securityfocus.com/bid/106514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 89%CPEs: 10EXPL: 3CVE-2018-15379 – Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-15379
05 Oct 2018 — A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malic... • https://packetstorm.news/files/id/150287 • CWE-275: Permission Issues CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15432 – Cisco Prime Infrastructure Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-15432
05 Oct 2018 — A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. Una vulnerabilidad en la característica de backup del servidor en Cisco Prime Infrastructure... • http://www.securityfocus.com/bid/105563 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •