Cisco Prime Infrastructure vulnerabilities

CVE-2019-1819 [MEDIUM] CWE-22 CVE-2019-1819: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolve A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req

CVE-2019-1818 [MEDIUM] CWE-22 CVE-2019-1818: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolve A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req

CVE-2019-1820 [MEDIUM] CWE-22 CVE-2019-1820: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolve A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req

CVE-2019-1659 [HIGH] CWE-295 CVE-2019-1659: A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastruct A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when

CVE-2019-1643 [MEDIUM] CWE-79 CVE-2019-1643: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an u A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based mana

CVE-2018-15457 [MEDIUM] CWE-79 CVE-2018-15457: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an u A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based manag

CVE-2018-15379 [CRITICAL] CWE-275 CVE-2018-15379: A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted di A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileg

CVE-2018-15433 [MEDIUM] CWE-200 CVE-2018-15433: A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authentic A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A succes

CVE-2018-15432 [MEDIUM] CWE-200 CVE-2018-15432: A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authentic A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A succes

CVE-2018-0097 [MEDIUM] CWE-601 CVE-2018-0097: A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious w A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit thi

CVE-2018-0096 [MEDIUM] CWE-264 CVE-2018-0096: A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to p A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a fa

CVE-2017-6725 [MEDIUM] CVE-2017-6725: A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site script A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.2(2).

CVE-2017-6724 [MEDIUM] CVE-2017-6724: A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site script A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.1(0.0).

CVE-2017-6611 [MEDIUM] CWE-79 CVE-2017-6611: A vulnerability in the web framework code of Cisco Prime Infrastructure 2 A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerabili

CVE-2017-3848 [MEDIUM] CVE-2017-3848: A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.

CVE-2017-3869 [MEDIUM] CVE-2017-3869: An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1)