Cisco Prime Infrastructure vulnerabilities
82 known vulnerabilities affecting cisco/prime_infrastructure.
Total CVEs: 82
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 15, MEDIUM 58, LOW 2
Vulnerabilities
Page 3 of 5
CVE-2019-1823 | HIGH | CVSS 7.2 | CWE-20 | fixed in 3.4.1 | 2019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. A
nvd
CVE-2019-1822 | HIGH | CVSS 7.2 | CWE-20 | fixed in 3.4.1 | 2019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. A
nvd
CVE-2019-1825 | HIGH | CVSS 8.1 | CWE-89 | fixed in 3.4.1 | 2019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this
nvd
CVE-2019-1819 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 3.4 | 2019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req
nvd
CVE-2019-1820 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 3.4 | 2019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req
nvd
CVE-2019-1818 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 3.4 | 2019-05-16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP req
nvd
CVE-2019-1659 | HIGH | CVSS 7.4 | CWE-295 | ≥ 2.2, ≤ 3.4.0 | 2019-02-21
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when
nvd
CVE-2019-1643 | MEDIUM | CVSS 6.1 | CWE-79 | v3.2.0 | 2019-01-23
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based mana
nvd
CVE-2018-15457 | MEDIUM | CVSS 6.1 | CWE-79 | v3.5 | 2019-01-10
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based manag
nvd
CVE-2018-0482 | MEDIUM | CVSS 5.4 | CWE-79 | v3.5(0.0) | 2019-01-10
A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management
nvd
CVE-2018-15379 | CRITICAL | CVSS 9.8 | CWE-275 | PoC | v3.2, v3.2(0.0), +7 more | 2018-10-05
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileg
nvd
CVE-2018-15432 | MEDIUM | CVSS 4.3 | CWE-200 | v3.2 | 2018-10-05
A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A succes
nvd
CVE-2018-15433 | MEDIUM | CVSS 4.3 | CWE-200 | v3.2 | 2018-10-05
A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A succes
nvd
CVE-2018-0258 | CRITICAL | CVSS 9.8 | CWE-22 | v3.3(0.0) | 2018-05-02
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later,
nvd
CVE-2018-0096 | MEDIUM | CVSS 5.9 | CWE-264 | v3.2(0.0), v3.3(0.0) | 2018-01-18
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains.
nvd
CVE-2017-6782 | MEDIUM | CVSS 5.4 | CWE-94 | v3.2(0.0) | 2017-08-17
A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting ma
nvd
CVE-2017-6700 | MEDIUM | CVSS 6.1 | CWE-79 | v2.0(4.0.45b), v3.1(1) | 2017-07-04
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an
nvd
CVE-2017-6699 | MEDIUM | CVSS 6.1 | CWE-79 | v3.1, v3.1(0.128), +1 more | 2017-07-04
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35
nvd
CVE-2017-6698 | MEDIUM | CVSS 5.4 | CWE-89 | v2.0(4.0.45b), v3.1(1) | 2017-07-04
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CS
nvd
CVE-2017-6724 | MEDIUM | CVSS 6.1 | CWE-79 | v3.1(0.0) | 2017-07-04
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.1(0.0).
nvd