CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-6698 – Cisco Prime Infrastructure 3.1.6 XXE Injection / XSS / LFD / SQL Injection
https://notcve.org/view.php?id=CVE-2017-6698
22 Jun 2017 — A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B). Una vulnerabilidad en la interfaz de base de datos SQL de Prime Infrastructure (PI) y Evolved Programm... • https://packetstorm.news/files/id/143111 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2017-6699 – Cisco Prime Infrastructure 3.1.6 XXE Injection / XSS / LFD / SQL Injection
https://notcve.org/view.php?id=CVE-2017-6699
22 Jun 2017 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B). Una vulnerabilidad en la interfaz de administración basada en web de Prime Infrastructure (PI) y... • https://packetstorm.news/files/id/143111 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-6700 – Cisco Prime Infrastructure 3.1.6 XXE Injection / XSS / LFD / SQL Injection
https://notcve.org/view.php?id=CVE-2017-6700
22 Jun 2017 — A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B). Una vulnerabilidad en la interfaz de administración ba... • https://packetstorm.news/files/id/143111 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-3884
https://notcve.org/view.php?id=CVE-2017-3884
07 Apr 2017 — A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45... • http://www.securityfocus.com/bid/97470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3869
https://notcve.org/view.php?id=CVE-2017-3869
17 Mar 2017 — An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1). Una vulnerabilidad de API Credentials Management en las API de Cisco Prime Infrastructure podría permitir a un atacante remoto autenticado acceder a una API que debería estar restringida a un usuari... • http://www.securityfocus.com/bid/96931 •
CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2016-6443
https://notcve.org/view.php?id=CVE-2016-6443
27 Oct 2016 — A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). Una vulnerabilidad en Cisco Prime Infrastructure y en la interfaz de la base de datos SQL de Evolved Programmable Network Manager pod... • http://www.securityfocus.com/bid/93522 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1442
https://notcve.org/view.php?id=CVE-2016-1442
07 Jul 2016 — The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. La interfáz de web administrativa en Cisco Prime Infrastructure (PI) en versiones anteriores a 3.1.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de valores de campo manipulados, también conocido como Bug ID CSCuy96280. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-pi • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2016-1408
https://notcve.org/view.php?id=CVE-2016-1408
02 Jul 2016 — Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. Cisco Prime Infrastructure 1.2 hasta la versión 3.1 y Evolved Programmable Network Manager (EPNM) 1.2 y 2.0 permite a usuarios remotos autenticado ejecutar comandos arbitrarios o subir archivos a través de una petición HTTP manipulada, también conocida como Bug ID CSCuz01488. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1358
https://notcve.org/view.php?id=CVE-2016-1358
03 Mar 2016 — Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497. Cisco Prime Infrastructure 2.2, 3.0 y 3.1(0.0) permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegación del servicio a través de un documento XML que contiene una decl... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •