Vulnerabilities > Cisco > Prime Collaboration Provisioning

DATE CVE VULNERABILITY TITLE RISK
2018-06-07 CVE-2018-0317 Missing Authorization vulnerability in Cisco products
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges.
network
low complexity
cisco CWE-862
8.8
2018-06-07 CVE-2017-6779 Resource Exhaustion vulnerability in Cisco products
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2018-03-08 CVE-2018-0141 Use of Hard-coded Credentials vulnerability in Cisco products
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system.
local
low complexity
cisco CWE-798
8.4
2018-02-22 CVE-2018-0205 Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1
A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
network
low complexity
cisco CWE-79
6.1
2018-02-22 CVE-2018-0204 Weak Password Requirements vulnerability in Cisco Prime Collaboration Provisioning 12.1
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users.
network
low complexity
cisco CWE-521
7.5
2017-11-02 CVE-2017-12276 SQL Injection vulnerability in Cisco Prime Collaboration Provisioning
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection.
network
low complexity
cisco CWE-89
8.1
2017-09-07 CVE-2017-6793 Information Exposure vulnerability in Cisco Prime Collaboration Provisioning
A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system.
network
low complexity
cisco CWE-200
6.5
2017-09-07 CVE-2017-6792 Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root.
network
low complexity
cisco CWE-20
6.5
2017-08-07 CVE-2017-6759 Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning 12.1
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system.
network
low complexity
cisco CWE-20
6.5
2017-08-07 CVE-2017-6756 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Provisioning 12.2
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions.
network
low complexity
cisco CWE-352
8.8