6 results (0.006 seconds)

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2. • http://www.securityfocus.com/bid/107096 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. • http://www.securityfocus.com/bid/104409 http://www.securitytracker.com/id/1041085 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi • CWE-287: Improper Authentication •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. Vulnerabilidad de redirección abierta en Cisco Prime Collaboration Assurance Software 10.5 hasta la versión 11.0 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phising a través de vectores no especificados, también conocido como Bug ID CSCuu34121. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca http://www.securitytracker.com/id/1035736 •

CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. Vulnerabilidad en el framework web en Cisco Prime Collaboration Assurance en versiones anteriores a 10.5.1.53684-1, permite a usuarios remotos autenticados eludir las restricciones de lectura destinadas a la sesión de inicio y hacerse pasar por administradores de dominios arrendados arbitrarios mediante el descubrimiento de un identificador de sesión y la construcción de una URL manipulada, también conocida como Bug IDs CSCus88343 y CSCus88334. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca http://www.securitytracker.com/id/1033581 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. Vulnerabilidad en el framework web en Cisco Prime Collaboration Assurance en versiones anteriores a 10.5.1.53684-1, permite a usuarios remotos autenticados eludir las restricciones de lectura destinadas al sistema de base de datos y descubrir las credenciales o comunidades SNMP para dominios arrendados arbitrarios, a través de una URL manipulada, también conocida como Bug ID CSCus62656. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca http://tools.cisco.com/security/center/viewAlert.x?alertId=40520 http://www.securitytracker.com/id/1033581 • CWE-264: Permissions, Privileges, and Access Controls •