Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0321 | 1 Cisco | 3 Prime Collaboration, Prime Collaboration Assurance, Prime Collaboration Provisioning | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd61746. | |||||
| CVE-2018-0318 | 1 Cisco | 2 Prime Collaboration, Prime Collaboration Provisioning | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245. | |||||
| CVE-2018-0319 | 1 Cisco | 2 Prime Collaboration, Prime Collaboration Provisioning | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253. | |||||
| CVE-2018-0320 | 1 Cisco | 2 Prime Collaboration, Prime Collaboration Provisioning | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61754. | |||||
| CVE-2017-6622 | 1 Cisco | 1 Prime Collaboration Provisioning | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724. | |||||
| CVE-2016-1416 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. | |||||