Vulnerabilities > Cisco > Prime Collaboration

DATE CVE VULNERABILITY TITLE RISK
2018-06-07 CVE-2018-0317 Missing Authorization vulnerability in Cisco products
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges.
network
low complexity
cisco CWE-862
6.5
6.5
2018-03-08 CVE-2018-0141 Use of Hard-coded Credentials vulnerability in Cisco products
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system.
local
low complexity
cisco CWE-798
7.2
7.2
2016-02-12 CVE-2016-1320 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration 11.0.0/9.0.0/9.0.5
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
local
low complexity
cisco CWE-264
6.8
6.8
2015-07-18 CVE-2015-4280 Resource Management Errors vulnerability in Cisco Prime Collaboration 10.0
Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844.
network
low complexity
cisco CWE-399
5.0
5.0
2015-06-17 CVE-2015-4188 SQL Injection vulnerability in Cisco Prime Collaboration 10.5(1)
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
network
low complexity
cisco CWE-89
5.0
5.0
2013-12-03 CVE-2013-6690 Cross-Site Scripting vulnerability in Cisco Prime Collaboration
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161.
network
cisco CWE-79
4.3
4.3
2013-04-29 CVE-2013-1196 Improper Input Validation vulnerability in Cisco products
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
local
low complexity
cisco CWE-20
6.8
6.8
2013-02-19 CVE-2013-1125 Improper Input Validation vulnerability in Cisco products
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
local
low complexity
cisco CWE-20
6.8
6.8