VYPR

Prime Collaboration Provisioning

by Cisco Systems, Inc.

CVEs (36)

  • CVE-2017-6622CriMay 18, 2017
    risk 0.72cvss 9.8epss 0.62

    A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP…

  • CVE-2018-15389CriOct 5, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is…

  • CVE-2018-0321CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An…

  • CVE-2018-0320CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker…

  • CVE-2018-0319CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery…

  • CVE-2018-0318CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An…

  • CVE-2016-1416CriJul 2, 2016
    risk 0.64cvss 9.8epss 0.05

    Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.

  • CVE-2018-0336HigJun 7, 2018
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An…

  • CVE-2018-0322HigJun 7, 2018
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to…

  • CVE-2018-0317HigJun 7, 2018
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this…

  • CVE-2017-6756HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks.…

  • CVE-2018-0141HigMar 8, 2018
    risk 0.55cvss 8.4epss 0.00

    A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit…

  • CVE-2017-12276HigNov 2, 2017
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka…

  • CVE-2018-0335HigJun 7, 2018
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this…

  • CVE-2018-0204HigFeb 22, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit…

  • CVE-2017-6621HigMay 18, 2017
    risk 0.49cvss 7.5epss 0.06

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient…

  • CVE-2017-6637MedMay 22, 2017
    risk 0.43cvss 6.5epss 0.08

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform…

  • CVE-2017-6636MedMay 22, 2017
    risk 0.43cvss 6.5epss 0.06

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper…

  • CVE-2017-6635MedMay 22, 2017
    risk 0.43cvss 6.5epss 0.10

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform…

  • CVE-2018-0391MedAug 1, 2018
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could…

Page 1 of 2