Cisco Prime Infrastructure vulnerabilities

CVE-2019-1825 [HIGH] CWE-89 CVE-2019-1825: A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco E A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this

CVE-2019-1819 [MEDIUM] CWE-22 CVE-2019-1819: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolve A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req

CVE-2019-1820 [MEDIUM] CWE-22 CVE-2019-1820: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolve A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req

CVE-2019-1818 [MEDIUM] CWE-22 CVE-2019-1818: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolve A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req

CVE-2019-1659 [HIGH] CWE-295 CVE-2019-1659: A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastruct A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when

CVE-2019-1643 [MEDIUM] CWE-79 CVE-2019-1643: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an u A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based mana

CVE-2018-15457 [MEDIUM] CWE-79 CVE-2018-15457: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an u A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based manag

CVE-2018-15379 [CRITICAL] CWE-275 CVE-2018-15379: A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted di A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileg

CVE-2018-15432 [MEDIUM] CWE-200 CVE-2018-15432: A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authentic A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A succes

CVE-2018-15433 [MEDIUM] CWE-200 CVE-2018-15433: A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authentic A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A succes