
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5).
• http://www.securitytracker.com/id/1039285
• https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf58392
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lms
• CWE-287: Improper Authentication
• CWE-384: Session Fixation

CVSS: 7.1 | EPSS: 0% | CPEs: 7 | EXPL: 0

Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms
• http://www.securitytracker.com/id/1035313
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263.
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0594
• http://www.securityfocus.com/bid/72793
• http://www.securitytracker.com/id/1031813
• http://www.securitytracker.com/id/1031814
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCug77823.
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5482
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488
• http://tools.cisco.com/security/center/viewAlert.x?alertId=30749
• http://www.securityfocus.com/bid/62333
• https://exchange.xforce.ibmcloud.com/vulnerabilities/87026
• CWE-20: Improper Input Validation