Total
61 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1359 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 6.5 MEDIUM | 8.8 HIGH |
Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. | |||||
CVE-2016-1442 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 9.0 HIGH | 8.8 HIGH |
The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. | |||||
CVE-2017-3848 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0). | |||||
CVE-2017-6699 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | |||||
CVE-2019-1821 | 1 Cisco | 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure | 2019-06-19 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. | |||||
CVE-2014-2147 | 1 Cisco | 1 Prime Infrastructure | 2017-08-28 | 4.3 MEDIUM | N/A |
The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444. | |||||
CVE-2014-2152 | 1 Cisco | 1 Prime Infrastructure | 2017-08-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. | |||||
CVE-2014-2153 | 1 Cisco | 1 Prime Infrastructure | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. | |||||
CVE-2017-6782 | 1 Cisco | 1 Prime Infrastructure | 2017-08-25 | 4.9 MEDIUM | 5.4 MEDIUM |
A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0). | |||||
CVE-2016-1474 | 1 Cisco | 1 Prime Infrastructure | 2017-08-15 | 4.3 MEDIUM | 4.3 MEDIUM |
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. | |||||
CVE-2017-6611 | 1 Cisco | 1 Prime Infrastructure | 2017-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCuw65830. | |||||
CVE-2017-6700 | 1 Cisco | 1 Prime Infrastructure | 2017-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | |||||
CVE-2017-6698 | 1 Cisco | 1 Prime Infrastructure | 2017-07-07 | 5.5 MEDIUM | 5.4 MEDIUM |
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | |||||
CVE-2017-6725 | 1 Cisco | 1 Prime Infrastructure | 2017-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.2(2). | |||||
CVE-2017-6724 | 1 Cisco | 1 Prime Infrastructure | 2017-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.1(0.0). | |||||
CVE-2015-4331 | 1 Cisco | 1 Prime Infrastructure | 2017-01-04 | 3.5 LOW | N/A |
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. | |||||
CVE-2014-8007 | 1 Cisco | 1 Prime Infrastructure | 2017-01-02 | 4.0 MEDIUM | N/A |
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. | |||||
CVE-2015-6332 | 1 Cisco | 1 Prime Infrastructure | 2016-12-09 | 5.0 MEDIUM | N/A |
Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830. | |||||
CVE-2015-6434 | 1 Cisco | 1 Prime Infrastructure | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856. | |||||
CVE-2013-1247 | 1 Cisco | 1 Prime Infrastructure | 2013-06-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356. |