CVSS: 9.1EPSS: 1%CPEs: 3EXPL: 0CVE-2019-1662 – Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability
https://notcve.org/view.php?id=CVE-2019-1662
21 Feb 2019 — A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerabilit... • http://www.securityfocus.com/bid/107096 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-0321
https://notcve.org/view.php?id=CVE-2018-0321
07 Jun 2018 — A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This ... • http://www.securityfocus.com/bid/104409 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6659
https://notcve.org/view.php?id=CVE-2017-6659
13 Jun 2017 — A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. Una vulnerabilidad en la interfaz de administración basada en web de Prime Collaboration Assurance de Cisco, podría permitir a un atacante remoto no identificado conducir un ataque de tipo cross-... • http://www.securityfocus.com/bid/98970 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3845
https://notcve.org/view.php?id=CVE-2017-3845
22 Feb 2017 — A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Relea... • http://www.securityfocus.com/bid/96245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3843
https://notcve.org/view.php?id=CVE-2017-3843
22 Feb 2017 — A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0). Una vulnerabilidad en las funciones de descarga de archivos para Cisco Prime Collaboration Assurance podría permitir a un atacante remoto autenticado descargar archivos del sistema que deberían estar restringidos. Más Información: CSCvc99446. • http://www.securityfocus.com/bid/96248 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3844
https://notcve.org/view.php?id=CVE-2017-3844
22 Feb 2017 — A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0). • http://www.securityfocus.com/bid/96247 • CWE-20: Improper Input Validation •