CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1659 – Cisco Prime Infrastructure Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1659
21 Feb 2019 — A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communication... • http://www.securityfocus.com/bid/107092 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1643 – Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1643
23 Jan 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted l... • http://www.securityfocus.com/bid/106702 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15457 – Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2018-15457
10 Jan 2019 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. ... • http://www.securityfocus.com/bid/106509 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0482 – Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2018-0482
10 Jan 2019 — A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful e... • http://www.securityfocus.com/bid/106514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 89%CPEs: 10EXPL: 3CVE-2018-15379 – Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-15379
05 Oct 2018 — A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malic... • https://packetstorm.news/files/id/150287 • CWE-275: Permission Issues CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15432 – Cisco Prime Infrastructure Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-15432
05 Oct 2018 — A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. Una vulnerabilidad en la característica de backup del servidor en Cisco Prime Infrastructure... • http://www.securityfocus.com/bid/105563 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15433 – Cisco Prime Infrastructure Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-15433
05 Oct 2018 — A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. Una vulnerabilidad en la característica de backup del servidor en Cisco Prime Infrastructure... • http://www.securityfocus.com/bid/105562 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 34%CPEs: 3EXPL: 0CVE-2018-0258
https://notcve.org/view.php?id=CVE-2018-0258
02 May 2018 — A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. Una vulnerabilidad en el servlet Cisco Prime File Upload que afecta a ... • http://www.securityfocus.com/bid/104074 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0096
https://notcve.org/view.php?id=CVE-2018-0096
18 Jan 2018 — A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker... • http://www.securityfocus.com/bid/102727 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0097
https://notcve.org/view.php?id=CVE-2018-0097
18 Jan 2018 — A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phish... • http://www.securityfocus.com/bid/102724 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •