Prime Lan Management Solution
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1360 | Hig | 0.46 | 7.1 | 0.00 | Mar 12, 2016 | Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. | ||
| CVE-2017-12225 | Med | 0.42 | 6.5 | 0.02 | Sep 7, 2017 | A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication… | ||
| CVE-2011-2738 | 0.01 | — | 0.11 | Sep 19, 2011 | Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix… | |||
| CVE-2009-1161 | 0.01 | — | 0.13 | May 21, 2009 | Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified… | |||
| CVE-2015-0594 | 0.00 | — | 0.02 | Feb 27, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs… | |||
| CVE-2013-5482 | 0.00 | — | 0.01 | Sep 13, 2013 | Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug… | |||
| CVE-2013-5488 | 0.00 | — | 0.02 | Sep 12, 2013 | Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of… | |||
| CVE-2013-1196 | 0.00 | — | 0.00 | Apr 29, 2013 | The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning… | |||
| CVE-2013-1125 | 0.00 | — | 0.00 | Feb 19, 2013 | The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified… | |||
| CVE-2012-6392 | 0.00 | — | 0.05 | Jan 17, 2013 | Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779. | |||
| CVE-2010-3036 | 0.00 | — | 0.06 | Oct 29, 2010 | Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. |
- risk 0.46cvss 7.1epss 0.00
Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.
- risk 0.42cvss 6.5epss 0.02
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication…
- CVE-2011-2738Sep 19, 2011risk 0.01cvss —epss 0.11
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix…
- CVE-2009-1161May 21, 2009risk 0.01cvss —epss 0.13
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified…
- CVE-2015-0594Feb 27, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs…
- CVE-2013-5482Sep 13, 2013risk 0.00cvss —epss 0.01
Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug…
- CVE-2013-5488Sep 12, 2013risk 0.00cvss —epss 0.02
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of…
- CVE-2013-1196Apr 29, 2013risk 0.00cvss —epss 0.00
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning…
- CVE-2013-1125Feb 19, 2013risk 0.00cvss —epss 0.00
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified…
- CVE-2012-6392Jan 17, 2013risk 0.00cvss —epss 0.05
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.
- CVE-2010-3036Oct 29, 2010risk 0.00cvss —epss 0.06
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.