CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6611
https://notcve.org/view.php?id=CVE-2017-6611
20 Apr 2017 — A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An explo... • http://www.securityfocus.com/bid/97931 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3848
https://notcve.org/view.php?id=CVE-2017-3848
07 Apr 2017 — A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0). Una vulnerabilidad en la interfaz de administración basada en web HTTP de Cisco Prime Infrastructure podría permitir que un atacante remoto no autenticado lleve a... • http://www.securityfocus.com/bid/96505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-3884
https://notcve.org/view.php?id=CVE-2017-3884
07 Apr 2017 — A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45... • http://www.securityfocus.com/bid/97470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3869
https://notcve.org/view.php?id=CVE-2017-3869
17 Mar 2017 — An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1). Una vulnerabilidad de API Credentials Management en las API de Cisco Prime Infrastructure podría permitir a un atacante remoto autenticado acceder a una API que debería estar restringida a un usuari... • http://www.securityfocus.com/bid/96931 •
CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2016-6443
https://notcve.org/view.php?id=CVE-2016-6443
27 Oct 2016 — A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). Una vulnerabilidad en Cisco Prime Infrastructure y en la interfaz de la base de datos SQL de Evolved Programmable Network Manager pod... • http://www.securityfocus.com/bid/93522 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1474
https://notcve.org/view.php?id=CVE-2016-1474
08 Aug 2016 — Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. Cisco Prime Infrastructure 2.2(2) no restingue adecuadamente uso de elementos IFRAME, lo que facilita a atacantes remotos llevar a cabo ataques clickjacking y otros ataques no esp... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-cpi • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1442
https://notcve.org/view.php?id=CVE-2016-1442
07 Jul 2016 — The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. La interfáz de web administrativa en Cisco Prime Infrastructure (PI) en versiones anteriores a 3.1.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de valores de campo manipulados, también conocido como Bug ID CSCuy96280. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-pi • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 6%CPEs: 14EXPL: 0CVE-2016-1289
https://notcve.org/view.php?id=CVE-2016-1289
02 Jul 2016 — The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231. La API en Cisco Prime Infrastructure 1.2 hasta la versión 3.0 y Evolved Programmable Network Manager (EPNM) 1.2 permite a atacantes remotos ejecutar código arbitrario u obtener información de gestión sen... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2016-1408
https://notcve.org/view.php?id=CVE-2016-1408
02 Jul 2016 — Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. Cisco Prime Infrastructure 1.2 hasta la versión 3.1 y Evolved Programmable Network Manager (EPNM) 1.2 y 2.0 permite a usuarios remotos autenticado ejecutar comandos arbitrarios o subir archivos a través de una petición HTTP manipulada, también conocida como Bug ID CSCuz01488. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2016-1406
https://notcve.org/view.php?id=CVE-2016-1406
25 May 2016 — The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. La interfaz web API en Cisco Prime Infrastructure en versiones anteriores a 3.1 y Cisco Evolved Programmable Network Manager en versiones anteriores a 1.2.4 permite a usuarios remotos autenticados eludir ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm • CWE-284: Improper Access Control •