Vulnerabilities > Cisco > Prime LAN Management Solution

DATE CVE VULNERABILITY TITLE RISK

2017-09-07 CVE-2017-12225 Session Fixation vulnerability in Cisco Prime LAN Management Solution 4.2(5)
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability.
Risk: network; cisco CWE-384; 4.3

2016-03-12 CVE-2016-1360 Information Exposure vulnerability in Cisco Prime LAN Management Solution
Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.
Risk: local; cisco CWE-200; 3.0

2015-02-27 CVE-2015-0594 Cross-site Scripting vulnerability in Cisco Prime LAN Management Solution and Security Manager
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263.
Risk: network; cisco CWE-79; 4.3

2013-09-13 CVE-2013-5482 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime LAN Management Solution
Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCug77823.
Risk: network; cisco CWE-264; 4.3

2013-09-12 CVE-2013-5488 Improper Input Validation vulnerability in Cisco products
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.
Risk: network; low complexity; cisco CWE-20; 5.0

2013-04-29 CVE-2013-1196 Improper Input Validation vulnerability in Cisco products
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
Risk: local; low complexity; cisco CWE-20; 6.8

2013-02-19 CVE-2013-1125 Improper Input Validation vulnerability in Cisco products
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
Risk: local; low complexity; cisco CWE-20; 6.8

2013-01-17 CVE-2012-6392 Improper Input Validation vulnerability in Cisco Prime LAN Management Solution
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.
Risk: network; low complexity; cisco linux CWE-20; critical; 10.0

2012-05-03 CVE-2011-4237 Code Injection vulnerability in Cisco Ciscoworks Common Services 4.0
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
Risk: network; cisco CWE-94; 4.3