CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-6700 – Cisco Prime Infrastructure 3.1.6 XXE Injection / XSS / LFD / SQL Injection
https://notcve.org/view.php?id=CVE-2017-6700
22 Jun 2017 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B). Una vulnerabilidad en la interfaz de administración ba... • https://packetstorm.news/files/id/143111 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3848
https://notcve.org/view.php?id=CVE-2017-3848
07 Apr 2017 — A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0). Una vulnerabilidad en la interfaz de administración basada en web HTTP de Cisco Prime Infrastructure podría permitir que un atacante remoto no autenticado lleve a... • http://www.securityfocus.com/bid/96505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-3884
https://notcve.org/view.php?id=CVE-2017-3884
07 Apr 2017 — A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45... • http://www.securityfocus.com/bid/97470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2016-6443
https://notcve.org/view.php?id=CVE-2016-6443
27 Oct 2016 — A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). Una vulnerabilidad en Cisco Prime Infrastructure y en la interfaz de la base de datos SQL de Evolved Programmable Network Manager pod... • http://www.securityfocus.com/bid/93522 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1442
https://notcve.org/view.php?id=CVE-2016-1442
07 Jul 2016 — The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. La interfáz de web administrativa en Cisco Prime Infrastructure (PI) en versiones anteriores a 3.1.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de valores de campo manipulados, también conocido como Bug ID CSCuy96280. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-pi • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2016-1408
https://notcve.org/view.php?id=CVE-2016-1408
02 Jul 2016 — Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. Cisco Prime Infrastructure 1.2 hasta la versión 3.1 y Evolved Programmable Network Manager (EPNM) 1.2 y 2.0 permite a usuarios remotos autenticado ejecutar comandos arbitrarios o subir archivos a través de una petición HTTP manipulada, también conocida como Bug ID CSCuz01488. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2016-1406
https://notcve.org/view.php?id=CVE-2016-1406
25 May 2016 — The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. La interfaz web API en Cisco Prime Infrastructure en versiones anteriores a 3.1 y Cisco Evolved Programmable Network Manager en versiones anteriores a 1.2.4 permite a usuarios remotos autenticados eludir ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1358
https://notcve.org/view.php?id=CVE-2016-1358
03 Mar 2016 — Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497. Cisco Prime Infrastructure 2.2, 3.0 y 3.1(0.0) permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegación del servicio a través de un documento XML que contiene una decl... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1359
https://notcve.org/view.php?id=CVE-2016-1359
03 Mar 2016 — Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. Cisco Prime Infrastructure 3.0 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una petición HTTP manipulada que no es manejada correctamente durante la visualización de un archivo de registro, también conocido como Bug ID CSCuw81494. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi1 • CWE-20: Improper Input Validation •