Vulnerabilities related to cisco - evolved_programmable_network_manager
Vulnerability from fkie_nvd
Published
2017-07-04 00:29
Modified
2025-04-20 01:37
Severity
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/99221 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | http://www.securitytracker.com/id/1038751 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99221 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038751 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | 2.0\(4.0.45b\) | |
cisco | evolved_programmable_network_manager | 2.0\(4.0.45d\) | |
cisco | evolved_programmable_network_manager | 2.0.0 | |
cisco | prime_infrastructure | 3.1 | |
cisco | prime_infrastructure | 3.1\(0.128\) | |
cisco | prime_infrastructure | 3.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\\(4.0.45b\\):*:*:*:*:*:*:*", matchCriteriaId: "2B1F8D62-E893-4AF6-8195-DFB7810AA6AE", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\\(4.0.45d\\):*:*:*:*:*:*:*", matchCriteriaId: "408D3C56-EB92-4013-860B-C60AF0D03D39", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "76E28AD8-1C7F-4003-B27C-1F87B988FE03", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*", matchCriteriaId: "27F4F1D6-82DA-4675-B734-D9C5371E6654", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1\\(0.128\\):*:*:*:*:*:*:*", matchCriteriaId: "4F9CC0D0-08A5-45A0-BF1C-2D3E32D49B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BBD9A93C-FE79-4323-BBF1-F9B2CD559570", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en web de Prime Infrastructure (PI) y Evolved Programmable Network Manager (EPNM) de Cisco, podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) reflejado contra un usuario de la interfaz de administración basada en web en un dispositivo afectado. Más información: CSCvc24616 CSCvc35363 CSCvc49574. 
Versiones Afectadas Conocidas: 3.1(1) 2.0(4.0.45B).", }, ], id: "CVE-2017-6699", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-04T00:29:00.290", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99221", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038751", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99221", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 01:29
Modified
2024-11-21 04:37
Severity
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | network_level_service | 3.0\(0.0.83b\) | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F09A4CD-6339-48F6-9408-3E5949316FE9", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_level_service:3.0\\(0.0.83b\\):*:*:*:*:*:*:*", matchCriteriaId: "FCC948E4-B186-4FDC-84EB-B4F30F902FA1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "67CF7487-D071-4DE6-8E87-B379B24D7BBD", versionEndExcluding: "3.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, { lang: "es", value: "Una vulnerabilidad enweb-based management interface de Cisco Prime Infrastructure (PI) y Cisco Evolved Programmable Network (EPN) Manager podría permitir que un atacante remoto autenticado ejecute código con privilegios de nivel raíz en el sistema operativo subyacente. Esta vulnerabilidad existe porque el programa valida incorrectamente la entrada proporcionada por el usuario. Un atacante podría aprovechar esta vulnerabilidad al cargar un archivo malicioso en la interfaz web administrativa. 
Un aprovechamiento exitoso podría permitir al atacante ejecutar código con privilegios de nivel raíz en el sistema operativo subyacente.", }, ], id: "CVE-2019-1821", lastModified: "2024-11-21T04:37:28.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T01:29:00.483", references: [ { source: "psirt@cisco.com", url: "http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108339", }, { source: 
"psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-17 17:15
Modified
2024-11-21 07:41
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * | |
cisco | prime_infrastructure | 3.10.4 | |
cisco | prime_infrastructure | 3.10.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40", versionEndExcluding: "7.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*", matchCriteriaId: "8E76E81B-A235-4A19-AAE4-319CB7840673", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*", matchCriteriaId: "774C7557-0D83-40A9-815C-4E32419A3B6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Prime Infrastructure podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema operativo subyacente. Esta vulnerabilidad se debe al procesamiento inadecuado de objetos Java serializados por parte de la aplicación afectada. Un atacante podría aprovechar esta vulnerabilidad cargando un documento que contenga objetos Java serializados maliciosos para que los procese la aplicación afectada. 
Una explotación exitosa podría permitir al atacante hacer que la aplicación ejecute comandos arbitrarios.", }, ], id: "CVE-2023-20258", lastModified: "2024-11-21T07:41:00.830", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.2, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-17T17:15:10.147", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 03:15
Modified
2024-11-21 04:29
Severity
Summary
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | prime_infrastructure | * | |
cisco | prime_infrastructure | * | |
cisco | prime_infrastructure | 3.6 | |
cisco | evolved_programmable_network_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5C53419F-962E-49CC-99D0-29229587B247", versionEndExcluding: "3.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "F41CF51E-27EF-49FE-8534-B829B5D8566C", versionEndExcluding: "3.5.1", versionStartIncluding: "3.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.6:*:*:*:*:*:*:*", matchCriteriaId: "C05391BE-19CB-4E9A-956C-BA747E95D0EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1B6286E9-2465-43F3-B56C-6B8433022F70", versionEndExcluding: "3.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. 
See the Details section for more information.", }, { lang: "es", value: "Una vulnerabilidad en la API REST de Cisco Prime Infrastructure (PI) y Cisco Evolved Programmable Network Manager (EPNM), podría permitir a un atacante remoto no autenticado ejecutar código arbitrario con privilegios root en el sistema operativo subyacente. La vulnerabilidad es debido a una comprobación de entrada insuficiente durante la configuración inicial de alta disponibilidad (HA) y el proceso de registro de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al cargar un archivo malicioso durante el período de registro de HA. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario con privilegios de nivel root en el sistema operativo subyacente. Nota: Esta vulnerabilidad solo puede ser explotada durante el período de registro de HA. Vea la sección Detalles para más información.", }, ], id: "CVE-2019-15958", lastModified: "2024-11-21T04:29:49.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { 
cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T03:15:11.503", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-03 16:15
Modified
2024-11-21 07:40
Severity
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "929F2586-6A41-4560-AD9B-E96067766280", versionEndExcluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "27E0CC45-5CFF-4ABC-9E69-6B7119B697C2", versionEndExcluding: "3.10.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.", }, ], id: "CVE-2023-20069", lastModified: "2024-11-21T07:40:28.840", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-03T16:15:10.167", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pi-epnm-xss-mZShH2J", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pi-epnm-xss-mZShH2J", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 01:29
Modified
2024-11-21 04:37
Severity
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/108337 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108337 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | network_level_service | 3.0\(0.0.83b\) | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F09A4CD-6339-48F6-9408-3E5949316FE9", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_level_service:3.0\\(0.0.83b\\):*:*:*:*:*:*:*", matchCriteriaId: "FCC948E4-B186-4FDC-84EB-B4F30F902FA1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "67CF7487-D071-4DE6-8E87-B379B24D7BBD", versionEndExcluding: "3.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.", }, { lang: "es", value: "Una vulnerabilidad en la web-based management interface de Prime Infrastructure (PI) y Evolved Programmable Network (EPN) Manager de Cisco podría permitir que un atacante remoto autenticado ejecutara consultas SQL arbitrarias. Esta vulnerabilidad existe porque el programa verifica incorrectamente la entrada proporcionada por el usuario en las consultas SQL. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP diseñada que contenga sentencias SQL maliciosas a la aplicación afectada. 
Un aprovechamiento exitoso podría permitir al atacante ver o modificar entradas en algunas tablas de la base de datos, afectando la integridad de los datos.", }, ], id: "CVE-2019-1825", lastModified: "2024-11-21T04:37:28.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T01:29:00.750", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108337", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-26 07:29
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. Cisco Bug IDs: CSCvc23894 CSCvc49561.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3C057764-0A1B-41A9-A21B-F665480145AD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "1AE45F94-2372-4CDD-A1E1-A4646F8D85AF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.200:*:*:*:*:*:*:*", matchCriteriaId: "8FD09D59-8557-4559-B0AB-71ECDEC77150", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.300:*:*:*:*:*:*:*", matchCriteriaId: "1E49859E-08F7-485D-8EA0-F1B6024B2413", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.400:*:*:*:*:*:*:*", matchCriteriaId: "E9A9DA98-C2E5-4CCB-B31B-3E55A0C98FBC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.500:*:*:*:*:*:*:*", matchCriteriaId: "2345C38D-1BA0-4A72-AC3E-8BA80FCEF7C6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\\(4.0.45d\\):*:*:*:*:*:*:*", matchCriteriaId: "408D3C56-EB92-4013-860B-C60AF0D03D39", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "76E28AD8-1C7F-4003-B27C-1F87B988FE03", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", matchCriteriaId: "BA72A91C-0E65-420A-9DBE-3E0853EDB7C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", matchCriteriaId: "B257E2F8-30EB-4BCC-8ACF-35DF73107AAC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", matchCriteriaId: "B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3", vulnerable: true, }, { 
criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E78D776C-AA8C-471D-A0C0-02428FA07A29", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", matchCriteriaId: "9D3206E7-DC91-4861-AD32-46DA82509D5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", matchCriteriaId: "1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9ACB00E7-41E3-4221-8400-A279A75FD355", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "853315C7-01A7-4E83-9CBB-D45F6B5C4664", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", matchCriteriaId: "EB157A80-3A03-4B8D-9B20-C456A953CF7E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7678B118-E00C-4B1E-8B40-D3233DE3615C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", matchCriteriaId: "56394A07-6D74-4588-8C05-DE04959F7FC7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "7830BF63-55ED-4D8B-B380-1E78E338EA2D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "D9BCDE33-49E9-4B46-AE31-563F3B6434F5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*", matchCriteriaId: "48F3C5A5-6C84-408D-B59A-265F8775C943", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*", matchCriteriaId: "27F4F1D6-82DA-4675-B734-D9C5371E6654", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1\\(0.128\\):*:*:*:*:*:*:*", matchCriteriaId: "4F9CC0D0-08A5-45A0-BF1C-2D3E32D49B3E", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:prime_infrastructure:3.1\\(4.0\\):*:*:*:*:*:*:*", matchCriteriaId: "7500DF7B-FD3C-49B3-81C7-55E78B83A1C2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1\\(5.0\\):*:*:*:*:*:*:*", matchCriteriaId: "E5A66318-C59B-4D2C-B63E-5B1E3A61E63C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BBD9A93C-FE79-4323-BBF1-F9B2CD559570", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.2\\(0.0\\):*:*:*:*:*:*:*", matchCriteriaId: "146E4ECF-B903-488C-8644-932FC57F072C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.2_base:*:*:*:*:*:*:*", matchCriteriaId: "17B3932F-457E-4620-AC03-70D5729757E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. 
Cisco Bug IDs: CSCvc23894 CSCvc49561.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de usuario basada en web de Prime Infrastructure (PI) y Evolved Programmable Network Manager (EPNM) de Cisco, podría permitir a un atacante remoto identificado acceder a la información almacenada en el sistema afectado, así como a realizar ejecución de código remota. El atacante necesita tener credenciales de usuario válidas. La vulnerabilidad es debido al control inapropiado de las entradas de tipo XML External Entity (XXE) cuando se analiza un archivo XML. Un atacante podría explotar esta vulnerabilidad mediante el convencimiento del administrador de un sistema afectado para importar un archivo XML especialmente diseñado con entradas maliciosas que podrían permitir al atacante leer y escribir archivos y ejecutar código remoto dentro de la aplicación, también se conoce como Inyección XML. El software Prime Infrastructure en las versiones 1.1 hasta 3.1.6 de Cisco es vulnerable. El software de EPNM en las versiones 1.2, 2.0 y 2.1 de Cisco son vulnerables. 
IDs de bug de Cisco: CSCvc23894 CSCvc49561.", }, ], id: "CVE-2017-6662", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-26T07:29:00.170", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99194", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1038750", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99194", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038750", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1", }, ], sourceIdentifier: 
"psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-07 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | 2.0\(4.0.45d\) | |
cisco | prime_infrastructure | 2.2 | |
cisco | prime_infrastructure | 2.2\(3\) | |
cisco | prime_infrastructure | 3.0 | |
cisco | prime_infrastructure | 3.1 | |
cisco | prime_infrastructure | 3.1\(0.128\) | |
cisco | prime_infrastructure | 3.1\(4.0\) | |
cisco | prime_infrastructure | 3.1\(5.0\) | |
cisco | prime_infrastructure | 3.2\(0.0\) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\\(4.0.45d\\):*:*:*:*:*:*:*", matchCriteriaId: "408D3C56-EB92-4013-860B-C60AF0D03D39", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", matchCriteriaId: "56394A07-6D74-4588-8C05-DE04959F7FC7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "D9BCDE33-49E9-4B46-AE31-563F3B6434F5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*", matchCriteriaId: "48F3C5A5-6C84-408D-B59A-265F8775C943", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*", matchCriteriaId: "27F4F1D6-82DA-4675-B734-D9C5371E6654", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1\\(0.128\\):*:*:*:*:*:*:*", matchCriteriaId: "4F9CC0D0-08A5-45A0-BF1C-2D3E32D49B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1\\(4.0\\):*:*:*:*:*:*:*", matchCriteriaId: "7500DF7B-FD3C-49B3-81C7-55E78B83A1C2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1\\(5.0\\):*:*:*:*:*:*:*", matchCriteriaId: "E5A66318-C59B-4D2C-B63E-5B1E3A61E63C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.2\\(0.0\\):*:*:*:*:*:*:*", matchCriteriaId: "146E4ECF-B903-488C-8644-932FC57F072C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). 
Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).", }, { lang: "es", value: "Una vulnerabilidad en la interfaz web de Cisco Prime Infrastructure y del administrador Evolved Programmable Network de Cisco (EPN) podría permitir a un atacante remoto autenticado acceder a datos confidenciales. El atacante no necesita credenciales de administrador y podría usar esta información para realizar ataques de reconocimiento adicionales. Más información: CSCvc60031 (fijo) CSCvc60041 (fijo) CSCvc60095 (abierto) CSCvc60102 (abierto). Liberaciones conocidas: 2,2 2,2(3) 3,0 3,1(0,0) 3,1(0,128) 3,1(4,0) 3,1(5,0) 3,2(0,0) 2,0(4,0,45D).", }, ], id: "CVE-2017-3884", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-07T17:59:00.357", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97470", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1038189", }, { source: 
"psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 01:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/108352 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108352 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F09A4CD-6339-48F6-9408-3E5949316FE9", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "A4491F05-D89C-4B35-A051-B36957DD9F68", versionEndExcluding: "3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración web-based del programa Cisco Prime Infrastructure y Cisco Evolved Programmable Network (EPN) podría permitir que un atacante remoto autentificado descargue y vea archivos dentro de la aplicación que deberían estar restringidos. Esta vulnerabilidad se debe a un saneamiento incorrecto de la entrada proporcionada por el usuario en los parámetros de solicitud HTTP que describen los nombres de archivo. Un atacante podría aprovechar esta vulnerabilidad mediante el uso de técnicas de cruce de directorios para enviar una ruta a una ubicación de archivo deseada. 
Un aprovechamiento exitoso podría permitir al atacante ver archivos de aplicaciones que pueden contener información confidencial.", }, ], id: "CVE-2019-1818", lastModified: "2024-11-21T04:37:26.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T01:29:00.297", references: [ { source: "psirt@cisco.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108352", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 01:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/108339 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108339 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F09A4CD-6339-48F6-9408-3E5949316FE9", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "67CF7487-D071-4DE6-8E87-B379B24D7BBD", versionEndExcluding: "3.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, { lang: "es", value: "Una vulnerabilidad en web-based management interface de Cisco Prime Infrastructure (PI) y Cisco Evolved Programmable Network (EPN) Manager podría permitir que un atacante remoto autenticado ejecute un código con privilegios de nivel raíz en el sistema operativo subyacente. Esta vulnerabilidad existe porque el programa valida incorrectamente la entrada proporcionada por el usuario. Un atacante podría aprovechar esta vulnerabilidad al cargar un archivo malicioso en la interfaz web administrativa. 
Un aprovechamiento exitoso podría permitir al atacante ejecutar código con privilegios de nivel raíz en el sistema operativo subyacente.", }, ], id: "CVE-2019-1822", lastModified: "2024-11-21T04:37:28.217", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T01:29:00.530", references: [ { source: "psirt@cisco.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108339", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-10 10:15
Modified
2025-04-03 20:53
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
Impacted products
{ cisaActionDue: "2021-12-24", cisaExploitAdd: "2021-12-10", cisaRequiredAction: "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.", cisaVulnerabilityName: "Apache Log4j2 Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BD64FC36-CC7B-4FD7-9845-7EA1DDB0E627", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "CF99FE8F-40D0-48A8-9A40-43119B259535", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0012304-B1C8-460A-B891-42EBF96504F5", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "F3F61BCB-64FA-463C-8B95-8868995EDBC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B02BCF56-D9D3-4BF3-85A2-D445E997F5EC", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "B5A189B7-DDBF-4B84-997F-637CEC5FF12B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A2DB5BA-1065-467A-8FB6-81B5EC29DC0C", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "035AFD6F-E560-43C8-A283-8D80DAA33025", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "809EB87E-561A-4DE5-9FF3-BBEE0FA3706E", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "4594FF76-A1F8-4457-AE90-07D051CD0DCB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "03FA5E81-F9C0-403E-8A4B-E4284E4E7B72", versionEndExcluding: "2.3.1", versionStartIncluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "AED3D5EC-DAD5-4E5F-8BBD-B4E3349D84FC", versionEndExcluding: "2.12.2", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "D31D423D-FC4D-428A-B863-55AF472B80DC", versionEndExcluding: "2.15.0", versionStartIncluding: "2.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", matchCriteriaId: "17854E42-7063-4A55-BF2A-4C7074CC2D60", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", matchCriteriaId: "53F32FB2-6970-4975-8BD0-EAE12E9AD03A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B773ED91-1D39-42E6-9C52-D02210DE1A94", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", matchCriteriaId: 
"EF24312D-1A62-482E-8078-7EC24758B710", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E8320869-CBF4-4C92-885C-560C09855BFA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*", matchCriteriaId: "755BA221-33DD-40A2-A517-8574D042C261", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:capital:*:*:*:*:*:*:*:*", matchCriteriaId: "9AAF12D5-7961-4344-B0CC-BE1C673BFE1F", versionEndExcluding: "2019.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:capital:2019.1:-:*:*:*:*:*:*", matchCriteriaId: "19CB7B44-1877-4739-AECB-3E995ED03FC9", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:capital:2019.1:sp1912:*:*:*:*:*:*", matchCriteriaId: "A883D9C2-F2A4-459F-8000-EE288DC0DD17", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", matchCriteriaId: "9CD4AC6F-B8D3-4588-B3BD-55C9BAF4AAAC", versionEndExcluding: "10.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFD64AC-0826-48FB-91B0-B8DF5ECC8775", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB524B33-68E7-46A2-B5CE-BCD9C3194B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*", matchCriteriaId: "5F852C6D-44A0-4CCE-83C7-4501CAD73F9F", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*", matchCriteriaId: "AA61161C-C2E7-4852-963E-E2D3DFBFDC7B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*", matchCriteriaId: "A76AA04A-BB43-4027-895E-D1EACFCDF41B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*", matchCriteriaId: "2A6B60F3-327B-49B7-B5E4-F1C60896C9BB", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*", matchCriteriaId: "4BCF281E-B0A2-49E2-AEF8-8691BDCE08D5", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*", matchCriteriaId: "A87EFCC4-4BC1-4FEA-BAA4-8FF221838EBD", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*", matchCriteriaId: "B678380B-E95E-4A8B-A49D-D13B62AA454E", versionEndExcluding: "2021-12-13", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*", matchCriteriaId: "4557476B-0157-44C2-BB50-299E7C7E1E72", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*", matchCriteriaId: "991B2959-5AA3-4B68-A05A-42D9860FAA9D", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*", matchCriteriaId: "7E5948A0-CA31-41DF-85B6-1E6D09E5720B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*", matchCriteriaId: "4C08D302-EEAC-45AA-9943-3A5F09E29FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D53BA68C-B653-4507-9A2F-177CF456960F", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:energyip_prepay:*:*:*:*:*:*:*:*", matchCriteriaId: "536C7527-27E6-41C9-8ED8-564DD0DC4EA0", versionEndExcluding: "3.8.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0E180527-5C36-4158-B017-5BEDC0412FD6", versionEndExcluding: "8.6.2j-398", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*", matchCriteriaId: "AFDADA98-1CD0-45DA-9082-BFC383F7DB97", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E33D707F-100E-4DE7-A05B-42467DE75EAC", vulnerable: 
true, }, { criteria: "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "DD3EAC80-44BE-41D2-8D57-0EE3DBA1E1B1", versionEndExcluding: "2021-12-13", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC8AB52-F4F4-440D-84F5-2776BFE1957A", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF6D774-AC8C-49CA-A00B-A2740CA8FA91", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*", matchCriteriaId: "25FADB1B-988D-4DB9-9138-7542AFDEB672", versionEndExcluding: "2021-12-16", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*", matchCriteriaId: "48C6A61B-2198-4B9E-8BCF-824643C81EC3", versionEndExcluding: "2021-12-13", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*", matchCriteriaId: "BEE2F7A1-8281-48F1-8BFB-4FE0D7E1AEF4", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", matchCriteriaId: "C07AFA19-21AE-4C7E-AA95-69599834C0EC", versionEndExcluding: "3.5", versionStartIncluding: "3.2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", matchCriteriaId: "74D1F4AD-9A60-4432-864F-4505B3C60659", versionEndIncluding: "1.1.3", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*", matchCriteriaId: "7ABA5332-8D1E-4129-A557-FCECBAC12827", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*", matchCriteriaId: "9C3AA865-5570-4C8B-99DE-431AD7B163F1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siguard_dsa:*:*:*:*:*:*:*:*", matchCriteriaId: "9A4B950B-4527-491B-B111-046DB1CCC037", versionEndExcluding: "4.4.1", versionStartIncluding: "4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", matchCriteriaId: "83E77D85-0AE8-41D6-AC0C-983A8B73C831", vulnerable: true, }, { 
criteria: "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", matchCriteriaId: "02B28A44-3708-480D-9D6D-DDF8C21A15EC", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*", matchCriteriaId: "2FC0A575-F771-4B44-A0C6-6A5FD98E5134", versionEndIncluding: "4.16.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*", matchCriteriaId: "6D1D6B61-1F17-4008-9DFB-EF419777768E", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", matchCriteriaId: "9772EE3F-FFC5-4611-AD9A-8AD8304291BB", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", matchCriteriaId: "CF524892-278F-4373-A8A3-02A30FA1AFF4", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*", matchCriteriaId: "F30DE588-9479-46AA-8346-EA433EE83A5F", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*", matchCriteriaId: "4941EAD6-8759-4C72-ABA6-259C0E838216", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*", matchCriteriaId: "5BF2708F-0BD9-41BF-8CB1-4D06C4EFB777", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*", matchCriteriaId: "0762031C-DFF1-4962-AE05-0778B27324B9", versionEndExcluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*", matchCriteriaId: "96271088-1D1B-4378-8ABF-11DAB3BB4DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*", matchCriteriaId: "2595AD24-2DF2-4080-B780-BC03F810B9A9", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*", matchCriteriaId: "88096F08-F261-4E3E-9EEB-2AB0225CD6F3", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*", matchCriteriaId: "044994F7-8127-4F03-AA1A-B2AB41D68AF5", 
versionEndExcluding: "4.70", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*", matchCriteriaId: "A6CB3A8D-9577-41FB-8AC4-0DF8DE6A519C", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*", matchCriteriaId: "17B7C211-6339-4AF2-9564-94C7DE52EEB7", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*", matchCriteriaId: "DBCCBBBA-9A4F-4354-91EE-10A1460BBA3F", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*", matchCriteriaId: "12F81F6B-E455-4367-ADA4-8A5EC7F4754A", versionEndExcluding: "2.30", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*", matchCriteriaId: "A5EF509E-3799-4718-B361-EFCBA17AEEF3", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*", matchCriteriaId: "8CA31645-29FC-4432-9BFC-C98A808DB8CF", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*", matchCriteriaId: "BB424991-0B18-4FFC-965F-FCF4275F56C5", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", matchCriteriaId: "1B209EFE-77F2-48CD-A880-ABA0A0A81AB1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*", matchCriteriaId: "72D238AB-4A1F-458D-897E-2C93DCD7BA6C", versionEndExcluding: "2019.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*", matchCriteriaId: "9778339A-EA93-4D18-9A03-4EB4CBD25459", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*", matchCriteriaId: "1747F127-AB45-4325-B9A1-F3D12E69FFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*", matchCriteriaId: "18BBEF7C-F686-4129-8EE9-0F285CE38845", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:vesys:2020.1:-:*:*:*:*:*:*", matchCriteriaId: "264C7817-0CD5-4370-BC39-E1DF3E932E16", vulnerable: true, }, { criteria: 
"cpe:2.3:a:siemens:vesys:2021.1:-:*:*:*:*:*:*", matchCriteriaId: "C7442C42-D493-46B9-BCC2-2C62EAD5B945", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*", matchCriteriaId: "AD525494-2807-48EA-AED0-11B9CB5A6A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*", matchCriteriaId: "1EDCBF98-A857-48BC-B04D-6F36A1975AA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "12A06BF8-E4DC-4389-8A91-8AC7598E0009", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:datacenter_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EAD1E1F3-F06B-4D17-8854-2CDA7E6D872D", versionEndExcluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*", matchCriteriaId: "18989EBC-E1FB-473B-83E0-48C8896C2E96", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*", matchCriteriaId: "EDE66B6C-25E5-49AE-B35F-582130502222", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*", matchCriteriaId: "22BEE177-D117-478C-8EAD-9606DEDF9FD5", vulnerable: true, }, { criteria: "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*", matchCriteriaId: "FC619106-991C-413A-809D-C2410EBA4CDB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", matchCriteriaId: "CA7D45EF-18F7-43C6-9B51-ABAB7B0CA3CD", versionEndExcluding: "10.0.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*", matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", matchCriteriaId: "26FCA75B-4282-4E0F-95B4-640A82C8E91C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "F3A48D58-4291-4D3C-9CEA-BF12183468A7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_enterprise_sds:-:*:*:*:*:*:*:*", matchCriteriaId: "5D18075A-E8D6-48B8-A7FA-54E336A434A2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52AF19-0158-451B-8E36-02CB6406083F", versionEndExcluding: "3.5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*", matchCriteriaId: "CB21CFB4-4492-4C5D-BD07-FFBE8B5D92B6", versionEndExcluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*", matchCriteriaId: "97426511-9B48-46F5-AC5C-F9781F1BAE2F", versionEndExcluding: "2021.11_1.162", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "82306B9F-AE97-4E29-A8F7-2E5BA52998A7", versionEndExcluding: "3.0.000.115", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "4C903C85-DC0F-47D8-B8BE-7A666877B017", versionEndExcluding: "3.1.000.044", versionStartIncluding: "3.1.000.000", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "E4C6F9E0-5DCE-431D-AE7E-B680AC1F9332", versionEndExcluding: "3.2.000.009", versionStartIncluding: "3.2.000.000", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*", matchCriteriaId: "52CF6199-8028-4076-952B-855984F30129", versionEndExcluding: "12.6\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*", matchCriteriaId: 
"622BB8D9-AC81-4C0F-A5C5-C5E51F0BC0D1", versionEndExcluding: "4.10.0.16", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*", matchCriteriaId: "38FB3CE1-5F62-4798-A825-4E3DB07E868F", versionEndExcluding: "5.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*", matchCriteriaId: "29CDB878-B085-448E-AB84-25B1E2D024F8", versionEndExcluding: "5.3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C25FDA96-9490-431F-B8B6-CC2CC272670E", versionEndExcluding: "5.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*", matchCriteriaId: "51CD9E4C-9385-435C-AD18-6C36C8DF7B65", versionEndExcluding: "2.9.1.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*", matchCriteriaId: "FC0AC4C1-CB06-4084-BFBB-5B702C384C53", versionEndExcluding: "2.10.0.1", versionStartIncluding: "2.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*", matchCriteriaId: "3871EBD2-F270-435A-B98C-A282E1C52693", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8D4DF34B-E8C2-41C8-90E2-D119B50E4E7E", versionEndExcluding: "12.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*", matchCriteriaId: "C8EF64DA-73E4-4E5E-8F9A-B837C947722E", versionEndExcluding: "12.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "66E1E4FC-0B6E-4CFA-B003-91912F8785B2", versionEndExcluding: "2.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1B2390C3-C319-4F05-8CF0-0D30F9931507", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "C154491E-06C7-48B0-AC1D-89BBDBDB902E", versionEndExcluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1E98EC48-0CED-4E02-9CCB-06EF751F2BDC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "C569DC2A-CFF6-4E13-A50C-E215A4F96D99", versionEndExcluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "258A51AC-6649-4F67-A842-48A7AE4DCEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "8DC22505-DE11-4A1B-8C06-1E306419B031", versionEndExcluding: "4.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9E31AC54-B928-48B5-8293-F5F4A7A8C293", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "5B8AE870-6FD0-40D2-958B-548E2D7A7B75", versionEndExcluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "68E7D83B-B6AC-45B1-89A4-D18D7A6018DD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*", matchCriteriaId: "17660B09-47AA-42A2-B5FF-8EBD8091C661", versionEndExcluding: "1.12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*", matchCriteriaId: "FBEF9A82-16AE-437A-B8CF-CC7E9B6C4E44", versionEndExcluding: "4.0.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "843147AE-8117-4FE9-AE74-4E1646D55642", versionEndExcluding: "11.3\\(1\\)", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "7EB871C9-CA14-4829-AED3-CC2B35E99E92", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", matchCriteriaId: "4FF8A83D-A282-4661-B133-213A8838FB27", versionEndExcluding: "2.1.2.8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", matchCriteriaId: "139CDAA5-63E9-4E56-AF72-745BD88E4B49", versionEndExcluding: "2.2.2.8", versionStartIncluding: "2.2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", matchCriteriaId: "01FD99C4-BCB1-417E-ADCE-73314AD2E857", versionEndExcluding: "2.2.3.4", versionStartIncluding: "2.2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*", matchCriteriaId: "9031BE8A-646A-4581-BDE5-750FB0CE04CB", versionEndExcluding: "2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*", matchCriteriaId: "15BED3E2-46FF-4E58-8C5D-4D8FE5B0E527", versionEndExcluding: "11.5\\(4\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*", matchCriteriaId: "7C950436-2372-4C4B-9B56-9CB48D843045", versionEndExcluding: "12.0\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0B61F186-D943-4711-B3E0-875BB570B142", versionEndIncluding: "4.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*", matchCriteriaId: "2A285C40-170D-4C95-8031-2C6E4D5FB1D4", versionEndExcluding: "12.6\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "3C0F02B5-AA2A-48B2-AE43-38B45532C563", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*", matchCriteriaId: "830BDB28-963F-46C3-8D50-638FDABE7F64", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*", matchCriteriaId: 
"54553C65-6BFA-40B1-958D-A4E3289D6B1D", versionEndExcluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*", matchCriteriaId: "439948AD-C95D-4FC3-ADD1-C3D241529F12", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", matchCriteriaId: "9C2002AE-0F3C-4A06-9B9A-F77A9F700EB2", versionEndExcluding: "2.3.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "596A986D-E7DC-4FC4-A776-6FE87A91D7E4", versionEndExcluding: "1.0.9-361", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*", matchCriteriaId: "DD93434E-8E75-469C-B12B-7E2B6EDCAA79", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "78684844-4974-41AD-BBC1-961F60025CD2", versionEndExcluding: "6.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "3A00D235-FC9C-4EB7-A16C-BB0B09802E61", versionEndExcluding: "5.3.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "C60FDD1B-898E-4FCB-BDE2-45A7CBDBAF4F", versionEndExcluding: "5.4.5.2", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "E7A33E5F-BBC7-4917-9C63-900248B546D9", versionEndExcluding: "5.5.4.1", versionStartIncluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "12D98A7C-4992-4E58-A6BD-3D8173C8F2B0", versionEndExcluding: "5.6.3.1", versionStartIncluding: "5.6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*", matchCriteriaId: "E2DDC1AF-31B5-4F05-B84F-8FD23BE163DA", versionEndExcluding: "2.1.2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*", matchCriteriaId: "A4540CF6-D33E-4D33-8608-11129D6591FA", versionEndExcluding: "6.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "129A7615-99E7-41F8-8EBC-CEDA10AD89AD", versionEndExcluding: "1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "5F46A7AC-C133-442D-984B-BA278951D0BF", versionEndExcluding: "11.6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "A1A75AB6-C3A7-4299-B35A-46A4BCD00816", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*", matchCriteriaId: "0A73E888-C8C2-4AFD-BA60-566D45214BCA", versionEndExcluding: "14.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*", matchCriteriaId: "4B0D0FD0-ABC6-465F-AB8D-FA8788B1B2DD", versionEndExcluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", matchCriteriaId: "D673F6F7-C42A-4538-96F0-34CB4F0CB080", versionEndExcluding: "20.3.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", matchCriteriaId: "FD374819-3CED-4260-90B6-E3C1333EAAD2", versionEndExcluding: "20.4.2.1", versionStartIncluding: "20.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", matchCriteriaId: "D2D89973-94AF-4BE7-8245-275F3FEB30F4", versionEndExcluding: "20.5.1.1", versionStartIncluding: "20.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", matchCriteriaId: "91A9A889-2C2B-4147-8108-C35291761C15", versionEndExcluding: "20.6.2.1", versionStartIncluding: "20.6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*", matchCriteriaId: "D0EEA1EC-C63C-4C7D-BFAE-BA4556332242", versionEndExcluding: "3.2.1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*", matchCriteriaId: "ACE22D97-42FA-4179-99E5-C2EE582DB7FF", versionEndExcluding: "2.0\\(1p\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", matchCriteriaId: "F6B5DB6D-9E7D-4403-8028-D7DA7493716B", versionEndExcluding: "6.8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*", matchCriteriaId: "B98D7AD5-0590-43FB-8AC0-376C9C500C15", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*", matchCriteriaId: "D9DA1900-9972-4DFD-BE2E-74DABA1ED9A9", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "42A41C41-A370-4C0E-A49D-AD42B2F3FB5C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*", matchCriteriaId: "7E958AFF-185D-4D55-B74B-485BEAEC42FD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*", matchCriteriaId: "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*", matchCriteriaId: "B85B81F9-8837-426E-8639-AB0712CD1A96", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*", matchCriteriaId: "C1CCCD27-A247-4720-A2FE-C8ED55D1D0DE", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "34D89C42-AAD9-4B04-9F95-F77681E39553", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "897C8893-B0B6-4D6E-8D70-31B421D80B9A", versionEndExcluding: 
"11.6\\(2\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "91D62A73-21B5-4D16-A07A-69AED2D40CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*", matchCriteriaId: "B0492049-D3AC-4512-A4BF-C9C26DA72CB0", versionEndExcluding: "12.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*", matchCriteriaId: "3868A8AA-6660-4332-AB0C-089C150D00E7", versionEndExcluding: "11.6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*", matchCriteriaId: "58BD72D6-4A79-49C9-9652-AB0136A591FA", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A32761FD-B435-4E51-807C-2B245857F90E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*", matchCriteriaId: "154F7F71-53C5-441C-8F5C-0A82CB0DEC43", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", matchCriteriaId: "65FD3873-2663-4C49-878F-7C65D4B8E455", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0886FB04-24AA-4995-BA53-1E44F94E114E", versionEndExcluding: "7.14.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C61805C1-1F73-462C-A9CA-BB0CA4E57D0B", versionEndExcluding: "2.6.7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5EB39834-0F6D-4BD7-AFEC-DD8BEE46DA50", versionEndExcluding: "3.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0B78DD21-15F2-47A4-8A99-6DB6756920AC", versionEndExcluding: "3.4.4", versionStartIncluding: "3.4.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*", matchCriteriaId: "7C6222EB-36E1-4CD5-BD69-5A921ED5DA6A", versionEndExcluding: "12.5\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "C200CABD-F91B-49C4-A262-C56370E44B4C", versionEndExcluding: "7.3.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*", matchCriteriaId: "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C", versionEndExcluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*", matchCriteriaId: "61D1081F-87E8-4E8B-BEBD-0F239E745586", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "8D138973-02B0-4FEC-A646-FF1278DA1EDF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "14DBEC10-0641-441C-BE15-8F72C1762DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*", matchCriteriaId: "205C1ABA-2A4F-480F-9768-7E3EC43B03F5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*", matchCriteriaId: "D36FE453-C43F-448B-8A59-668DE95468C0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*", matchCriteriaId: "E8DF0944-365F-4149-9059-BDFD6B131DC5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*", matchCriteriaId: "6B37AA08-13C7-4FD0-8402-E344A270C8F7", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*", matchCriteriaId: "2AA56735-5A5E-4D8C-B09D-DBDAC2B5C8E9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*", matchCriteriaId: "4646849B-8190-4798-833C-F367E28C1881", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*", matchCriteriaId: "4D6CF856-093A-4E89-A71D-50A2887C265B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "B36A9043-0621-43CD-BFCD-66529F937859", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "8842B42E-C412-4356-9F54-DFC53B683D3E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "D25BC647-C569-46E5-AD45-7E315EBEB784", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B468EDA1-CDEF-44D4-9D62-C433CF27F631", versionEndExcluding: "3.2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*", matchCriteriaId: "C90C6CD1-4678-4621-866B-F0CE819C8000", versionEndExcluding: "12.6\\(1\\)", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*", matchCriteriaId: "9E4905E2-2129-469C-8BBD-EDA258815E2B", versionEndExcluding: "10.2.1v2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*", matchCriteriaId: "EC86AC6C-7C08-4EB9-A588-A034113E4BB1", versionEndExcluding: "11.5\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFE3880-4B85-4E23-9836-70875D5109F7", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*", matchCriteriaId: "727A02E8-40A1-4DFE-A3A2-91D628D3044F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*", matchCriteriaId: "19F6546E-28F4-40DC-97D6-E0E023FE939B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*", matchCriteriaId: "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", matchCriteriaId: "52D96810-5F79-4A83-B8CA-D015790FCF72", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", matchCriteriaId: "16FE2945-4975-4003-AE48-7E134E167A7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", matchCriteriaId: "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", matchCriteriaId: "976901BF-C52C-4F81-956A-711AF8A60140", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", matchCriteriaId: "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*", matchCriteriaId: "957D64EB-D60E-4775-B9A8-B21CA48ED3B1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*", matchCriteriaId: "A694AD51-9008-4AE6-8240-98B17AB527EE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", matchCriteriaId: "38AE6DC0-2B03-4D36-9856-42530312CC46", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*", matchCriteriaId: "71DCEF22-ED20-4330-8502-EC2DD4C9838F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", matchCriteriaId: "3DB2822B-B752-4CD9-A178-934957E306B4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*", matchCriteriaId: "81F4868A-6D62-479C-9C19-F9AABDBB6B24", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*", matchCriteriaId: "65378F3A-777C-4AE2-87FB-1E7402F9EA1B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", matchCriteriaId: "07DAFDDA-718B-4B69-A524-B0CEB80FE960", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*", matchCriteriaId: "82C8AD48-0130-4C20-ADEC-697668E2293B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*", matchCriteriaId: "4E75EF7C-8D71-4D70-91F0-74FC99A90CC3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "2DB7EE7D-8CB4-4804-9F9D-F235608E86E1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*", matchCriteriaId: "77571973-2A94-4E15-AC5B-155679C3C565", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CA405A50-3F31-48ED-9AF1-4B02F5B367DE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*", matchCriteriaId: "D3753953-04E8-4382-A6EC-CD334DD83CF4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B4A5F89F-1296-4A0F-A36D-082A481F190F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F50F48AF-44FF-425C-9685-E386F956C901", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*", matchCriteriaId: "A4D28E76-56D4-4C9A-A660-7CD7E0A1AC9F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*", matchCriteriaId: "CD975A0E-00A6-475E-9064-1D64E4291499", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*", matchCriteriaId: "2E50AC21-DA54-4BC8-A503-1935FD1714C7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*", 
matchCriteriaId: "4D05E169-4AF1-4127-A917-056EC2CE781B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "8AD415A2-422E-4F15-A177-C3696FEAFF0C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*", matchCriteriaId: "134443B7-7BA8-4B50-8874-D4BF931BECFD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "73ADF6EA-CD29-4835-8D72-84241D513AFF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*", matchCriteriaId: "BAC1A386-04C7-45B2-A883-1CD9AB60C14B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*", matchCriteriaId: "3F0F1639-D69E-473A-8926-827CCF73ACC9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*", matchCriteriaId: "F4FDF900-E9D6-454A-BF6B-821620CA59F4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*", matchCriteriaId: "1859BD43-BA2B-45A5-B523-C6BFD34C7B01", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*", matchCriteriaId: "1EBC145C-9A2F-4B76-953E-0F690314511C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*", matchCriteriaId: "158B7A53-FEC1-4B42-A1E2-E83E99564B07", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*", matchCriteriaId: "3A378971-1A08-4914-B012-8E24DCDEFC68", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*", matchCriteriaId: "4E5CC012-DC85-481A-B82A-9323C19674DA", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*", matchCriteriaId: "76CF59ED-685D-46CD-80A2-AEDA4F03FE53", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*", matchCriteriaId: "960B07C0-E205-47E7-B578-46A0AF559D04", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*", matchCriteriaId: "A1A194E1-405E-47FA-8CDF-58EB78883ACC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*", matchCriteriaId: "2E628231-61FB-40AF-A20B-00F5CB78E63B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*", matchCriteriaId: "2EA25E92-2C76-4722-BA06-53F33C0D961C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*", matchCriteriaId: "51D2940A-0D03-415B-B72E-1F6862DDAC41", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*", matchCriteriaId: "8B346ADC-00BE-4409-B658-A11351D2A7D4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*", matchCriteriaId: "5A0E44A9-C427-493B-868A-8A8DA405E759", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*", matchCriteriaId: "B2B31E7C-0EB3-4996-8859-DF94A3EE20B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*", matchCriteriaId: "3EAB3E03-275F-4942-9396-FC7A22F42C8D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*", matchCriteriaId: "19DAD751-D170-4914-BAB2-6054DFEEF404", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "2F429F37-3576-4D8A-9901-359D65EC3CF4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F526DEF1-4A3E-4FE1-8153-E9252DAE5B92", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C19679D0-F4DC-4130-AFFD-692E5130531A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "60D2FBF3-D8AB-41F0-B170-9E56FBF7E2F7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F60324DD-8450-4B14-A7A1-0D5EA5163580", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*", matchCriteriaId: "12F6DFD1-273B-4292-A22C-F2BE0DD3FB3F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "13EA024C-97A4-4D33-BC3E-51DB77C51E76", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "85289E35-C7C2-46D0-9BDC-10648DD2C86F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "17282822-C082-4FBC-B46D-468DCF8EF6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*", matchCriteriaId: "F5463DA6-5D44-4C32-B46C-E8A2ADD7646B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "54A237CF-A439-4114-AF81-D75582F29573", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*", matchCriteriaId: "A37D19BF-E4F5-4AF4-8942-0C3B62C4BF2B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*", matchCriteriaId: "EF25688B-6659-4C7C-866D-79AA1166AD7A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*", matchCriteriaId: "47B70741-90D9-4676-BF16-8A21E147F532", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "ED862A1B-E558-4D44-839C-270488E735BB", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "2678AF98-1194-4810-9933-5BA50E409F88", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "37E7DEBD-9E47-4D08-86BC-D1B013450A98", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*", matchCriteriaId: "1A935862-18F7-45FE-B647-1A9BA454E304", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "69594997-2568-4C10-A411-69A50BFD175F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "1EC39E2D-C47B-4311-BC7B-130D432549F4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*", matchCriteriaId: "EE5E6CBE-D82C-4001-87CB-73DF526F0AB1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "460E6456-0E51-45BC-868E-DEEA5E3CD366", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*", matchCriteriaId: "F7F58659-A318-42A0-83C5-8F09FCD78982", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*", matchCriteriaId: "D8A49E46-8501-4697-A17A-249A7D9F5A0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*", matchCriteriaId: "5D81E7A9-0C2B-4603-91F0-ABF2380DBBA3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*", matchCriteriaId: 
"4DFCE723-9359-40C7-BA35-B71BDF8E3CF3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*", matchCriteriaId: "28B1524E-FDCA-4570-86DD-CE396271B232", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*", matchCriteriaId: "74DC6F28-BFEF-4D89-93D5-10072DAC39C8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*", matchCriteriaId: "BA1D60D7-1B4A-4EEE-A26C-389D9271E005", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*", matchCriteriaId: "1D726F07-06F1-4B0A-B010-E607E0C2A280", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3ED58B0E-FCC7-48E3-A5C0-6CC54A38BAE3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*", matchCriteriaId: "41E168ED-D664-4749-805E-77644407EAFE", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*", matchCriteriaId: "DCD69468-8067-4A5D-B2B0-EC510D889AA0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*", matchCriteriaId: "85F22403-B4EE-4303-9C94-915D3E0AC944", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BBCA75A6-0A3E-4393-8884-9F3CE190641E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D619BF54-1BA9-45D0-A876-92D7010088A0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*", matchCriteriaId: "808F8065-BD3A-4802-83F9-CE132EDB8D34", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*", 
matchCriteriaId: "B236B13E-93B9-424E-926C-95D3DBC6CA5D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*", matchCriteriaId: "8A63CC83-0A6E-4F33-A1BE-214A33B51518", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*", matchCriteriaId: "37DB7759-6529-46DE-B384-10F060D86A97", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*", matchCriteriaId: "8C640AD9-146E-488A-B166-A6BB940F97D3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*", matchCriteriaId: "DAC1FA7E-CB1B-46E5-A248-ABACECFBD6E8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*", matchCriteriaId: "7C3BD5AF-9FC1-494B-A676-CC3D4B8EAC8D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "F477CACA-2AA0-417C-830D-F2D3AE93153A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*", matchCriteriaId: "7E3BE5E1-A6B6-46C7-B93B-8A9F5AEA2731", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*", matchCriteriaId: "04E0BB7B-0716-4DBD-89B9-BA11AAD77C00", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*", matchCriteriaId: "64C98A76-0C31-45E7-882B-35AE0D2C5430", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "379F8D86-BE87-4250-9E85-494D331A0398", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "71F69E51-E59D-4AE3-B242-D6D2CFDB3F46", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "578DA613-8E15-4748-A4B7-646415449609", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "544EFAD6-CE2F-4E1D-9A00-043454B72889", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "2E16DF9C-3B64-4220-82B6-6E20C7807BAA", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "B9CD5B8A-9846-48F1-9495-77081E44CBFC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "68E6CD49-6F71-4E17-B046-FBE91CE91CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "0BDD8018-7E77-4C89-917E-ACDC678A7DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*", matchCriteriaId: "A7D39156-A47D-405E-8C02-CAE7D637F99A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*", matchCriteriaId: "5426FC59-411D-4963-AFEF-5B55F68B8958", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*", matchCriteriaId: "810E9A92-4302-4396-94D3-3003947DB2A7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "522C36A5-7520-4368-BD92-9AB577756493", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "CB2EC4BE-FFAF-4605-8A96-2FEF35975540", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "CA1D3C2A-E5FA-400C-AC01-27A3E5160477", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "63B27050-997B-4D54-8E5A-CE9E33904318", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "5ABF05B8-1B8A-4CCF-A1AD-D8602A247718", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "2F74580D-0011-4ED9-9A00-B4CDB6685154", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "17A3C22E-1980-49B6-8985-9FA76A77A836", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "B1AB42DC-CE58-448A-A6B5-56F31B15F4A0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*", matchCriteriaId: "9DC32B55-0C76-4669-8EAD-DCC16355E887", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*", matchCriteriaId: "6CDA737F-337E-4C30-B68D-EF908A8D6840", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*", matchCriteriaId: "9DC5A89C-CCCF-49EC-B4FC-AB98ACB79233", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*", matchCriteriaId: "4BA4F513-CBA1-4523-978B-D498CEDAE0CF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*", matchCriteriaId: "6C53C6FD-B98E-4F7E-BA4D-391C90CF9E83", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*", matchCriteriaId: "D00F6719-2C73-4D8D-8505-B9922E8A4627", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*", matchCriteriaId: "EFE9210F-39C5-4828-9608-6905C1D378D4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*", matchCriteriaId: "A1CEDCE4-CFD1-434B-B157-D63329CBA24A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: 
"33660EB8-2984-4258-B8AD-141B7065C85E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "0ACA346D-5103-47F0-8BD9-7A8AD9B92E98", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "A38BDF03-23C8-4BB6-A44D-68818962E7CB", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "3104C099-FEDA-466B-93CC-D55F058F7CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "890EA1C7-5990-4C71-857F-197E6F5B4089", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*", matchCriteriaId: "56F21CF4-83FE-4529-9871-0FDD70D3095E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B9331834-9EAD-46A1-9BD4-F4027E49D0C3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*", matchCriteriaId: "0E707E44-12CD-46C3-9124-639D0265432E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*", matchCriteriaId: "2FEE8482-DB64-4421-B646-9E5F560D1712", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*", matchCriteriaId: "4385CE6E-6283-4621-BBD9-8E66E2A34843", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*", matchCriteriaId: "9A6CDBD4-889B-442D-B272-C8E9A1B6AEC0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*", matchCriteriaId: "FF1E59F9-CF4F-4EFB-872C-5F503A04CCF4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*", matchCriteriaId: "1782219F-0C3D-45B7-80C7-D1DAA70D90B1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*", matchCriteriaId: "DDAB3BAD-1EC6-4101-A58D-42DA48D04D0C", vulnerable: true, }, { 
criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*", matchCriteriaId: "8F7AA674-6BC2-490F-8D8A-F575B11F4BE0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*", matchCriteriaId: "6945C4DE-C070-453E-B641-2F5B9CFA3B6D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*", matchCriteriaId: "DAB8C7C0-D09B-4232-A88E-57D25AF45457", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*", matchCriteriaId: "ACEDB7B4-EBD4-4A37-9EE3-07EE3B46BE44", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*", matchCriteriaId: "820D579C-AA45-4DC1-945A-748FFCD51CA2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*", matchCriteriaId: "7B23A9A6-CD04-4D76-BE3F-AFAFBB525F5E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*", matchCriteriaId: "A44E6007-7A3A-4AD3-9A65-246C59B73FB6", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*", matchCriteriaId: "3D508E51-4075-4E34-BB7C-65AF9D56B49F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:11.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "376D06D5-D68E-4FF0-97E5-CBA2165A05CF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*", matchCriteriaId: "18ED6B8F-2064-4BBA-A78D-4408F13C724D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*", matchCriteriaId: "94091FE3-AB88-4CF5-8C4C-77B349E716A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*", 
matchCriteriaId: "91D62A73-21B5-4D16-A07A-69AED2D40CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "53F1314A-9A2C-43DC-8203-E4654EF013CC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "0ADE468B-8F0C-490D-BB4C-358D947BA8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "32FEE78D-309E-491D-9AB6-98005F1CBF49", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "878D9901-675D-4444-B094-0BA505E7433F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*", matchCriteriaId: "66E25EE4-AB7B-42BF-A703-0C2E83E83577", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*", matchCriteriaId: "D8F35520-F04A-4863-A1BC-0EDD2D1804F7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "EF9855FD-7747-4D9E-9542-703B1EC9A382", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "E07AF386-D8A5-44F5-A418-940C9F88A36A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "113C77DA-AC22-4D67-9812-8510EFC0A95F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "4BE221AB-A3B0-4CFF-9BC0-777773C2EF63", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "15941265-1E7E-4C3E-AF1D-027C5E0D3141", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "54AA2B0C-92A1-4B53-88D7-6E31120F5041", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "F9BD7207-85FB-4484-8720-4D11F296AC10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*", matchCriteriaId: "62E009C4-BE3E-4A14-91EF-8F667B2220A7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*", matchCriteriaId: "088512E1-434D-4685-992E-192A98ECAD9A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*", matchCriteriaId: "50A7BBC6-077C-4182-AA7A-577C4AAC3CD8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*", matchCriteriaId: "E0536F45-3A49-4F93-942E-AF679DFC7017", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*", matchCriteriaId: "3D54794B-6CD5-46D7-B9E9-62A642143562", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*", matchCriteriaId: "BE844DCA-FF52-43F5-BDD9-836A812A8CFF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*", matchCriteriaId: "07B261EB-CA63-4796-BD15-A6770FD68B34", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*", matchCriteriaId: "29F9067A-B86C-4A6B-ACB7-DB125E04B795", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*", matchCriteriaId: "FAC4CC92-8BA0-4D96-9C48-5E311CDED53F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*", matchCriteriaId: "8F2437A5-217A-4CD1-9B72-A31BDDC81F42", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*", matchCriteriaId: "9C3CFF0D-BD70-4353-AE2F-6C55F8DE56A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*", matchCriteriaId: "2CE47760-0E71-4FCA-97D1-CF0BB71CAC17", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*", matchCriteriaId: "89B2D4F5-CB86-4B25-8C14-CED59E8A3F22", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*", matchCriteriaId: "B150B636-6267-4504-940F-DC37ABEFB082", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*", matchCriteriaId: "D00B9911-A7CA-467E-B7A3-3AF31828D5D9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*", matchCriteriaId: "B67C08C3-412F-4B7F-B98C-EEAEE77CBE4B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6D428C9B-53E1-4D26-BB4D-57FDE02FA613", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CDB41596-FACF-440A-BB6C-8CAD792EC186", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "D8C88EE2-5702-4E8B-A144-CB485435FD62", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*", matchCriteriaId: "1BC62844-C608-4DB1-A1AD-C1B55128C560", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*", matchCriteriaId: "EFF2FFA4-358A-4F33-BC67-A9EF8A30714E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*", matchCriteriaId: "53C0BBDE-795E-4754-BB96-4D6D4B5A804F", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*", matchCriteriaId: "7A41E377-16F9-423F-8DC2-F6EDD54E1069", 
vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*", matchCriteriaId: "F0C2789E-255B-45D9-9469-B5B549A01F53", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*", matchCriteriaId: "EFAFEC61-2128-4BFA-992D-54742BD4911A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F12AF70E-2201-4F5D-A929-A1A057B74252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*", matchCriteriaId: "A2CBCDC4-02DF-47F4-A01C-7CBCB2FF0163", versionEndExcluding: "8.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*", matchCriteriaId: "C42D44C8-9894-4183-969B-B38FDA1FEDF9", versionEndExcluding: "3.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*", matchCriteriaId: "452D8730-F273-4AB4-9221-E82EC2CAAFD8", versionEndExcluding: "6.2.4.2", versionStartIncluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*", matchCriteriaId: "F2EF5054-EECB-4489-B27A-AACB96B25B97", versionEndExcluding: "6.4.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*", matchCriteriaId: "16E0A04D-30BE-4AB3-85A1-13AF614C425C", versionEndIncluding: "7.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", matchCriteriaId: "E0755E91-2F36-4EC3-8727-E8BF0427E663", versionEndExcluding: "13.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features 
used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.", }, { lang: "es", value: "Las características JNDI de Apache Log4j2 2.0-beta9 hasta 2.15.0 (excluyendo las versiones de seguridad 2.12.2, 2.12.3 y 2.3.1) utilizadas en la configuración, los mensajes de registro y los parámetros no protegen contra LDAP controlado por un atacante y otros puntos finales relacionados con JNDI. Un atacante que pueda controlar los mensajes de registro o los parámetros de los mensajes de registro puede ejecutar código arbitrario cargado desde servidores LDAP cuando la sustitución de la búsqueda de mensajes está habilitada. A partir de la versión 2.15.0 de log4j, este comportamiento ha sido deshabilitado por defecto. A partir de la versión 2.16.0 (junto con las versiones 2.12.2, 2.12.3 y 2.3.1), esta funcionalidad se ha eliminado por completo. 
Tenga en cuenta que esta vulnerabilidad es específica de log4j-core y no afecta a log4net, log4cxx u otros proyectos de Apache Logging Services", }, ], id: "CVE-2021-44228", lastModified: "2025-04-03T20:53:22.977", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2021-12-10T10:15:09.143", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", "Broken Link", ], url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", }, { source: "security@apache.org", 
tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Dec/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Jul/11", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Mar/23", }, { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/1", }, { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/3", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/1", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://www.openwall.com/lists/oss-security/2021/12/13/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/14/4", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/15/3", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://github.com/cisagov/log4j-affected-db", }, { source: "security@apache.org", tags: [ "Broken Link", "Product", "US Government Resource", ], url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html", }, { source: "security@apache.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/", }, { source: "security@apache.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/", }, { source: "security@apache.org", 
tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211210-0007/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213189", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: 
"security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Broken Link", "Exploit", "Third Party Advisory", ], url: "https://twitter.com/kurtseifried/status/1469345530182455296", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", "Broken Link", ], url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: 
"http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Dec/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Jul/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Mar/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://www.openwall.com/lists/oss-security/2021/12/10/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/14/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/15/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/cisagov/log4j-affected-db", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Product", "US Government Resource", ], url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211210-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third 
Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Third Party Advisory", ], url: "https://twitter.com/kurtseifried/status/1469345530182455296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-400", }, { lang: "en", value: "CWE-502", }, ], source: "security@apache.org", type: "Primary", }, { description: [ { lang: "en", value: "CWE-917", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 01:29
Modified
2024-11-21 04:37
Severity
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.
References
Source | URL | Tags
---|---|---
psirt@cisco.com | http://www.securityfocus.com/bid/108351 | Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108351 | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819 | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
cisco | evolved_programmable_network_manager | *
cisco | prime_infrastructure | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F09A4CD-6339-48F6-9408-3E5949316FE9", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "A4491F05-D89C-4B35-A051-B36957DD9F68", versionEndExcluding: "3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, { lang: "es", value: "Una vulnerabilidad en web-based management interface del programa Cisco Prime Infrastructure y Cisco Evolved Programmable Network (EPN) podría permitir que un atacante remoto autenticado descargue y vea archivos dentro de la aplicación que deberían estar restringidos. Esta vulnerabilidad se debe a la desinfección incorrecta de la entrada proporcionada por el usuario en los parámetros de solicitud HTTP que describen los nombres de archivo. Un atacante podría aprovechar esta vulnerabilidad mediante el uso de técnicas de cruce de directorios para enviar una ruta a una ubicación de archivo deseada. 
Un aprovechamiento exitoso podría permitir al atacante ver archivos de aplicaciones que pueden contener información confidencial.", }, ], id: "CVE-2019-1819", lastModified: "2024-11-21T04:37:27.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T01:29:00.360", references: [ { source: "psirt@cisco.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108351", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-05 18:15
Modified
2024-11-21 07:40
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "0A1E29E3-1327-4E6B-B068-7B5289A4F0A7", versionEndIncluding: "3.7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "612F8E5C-6C18-4DE8-A548-8F24A5B10948", versionEndExcluding: "3.10.2", versionStartIncluding: "3.10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.8:*:*:*:*:*:*:*", matchCriteriaId: "932E6B00-78B5-4A0E-B87E-4993D6491C34", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-:*:*:*:*:*:*", matchCriteriaId: "608240CD-CD6C-42A3-9590-7F37B35EDC53", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.9:*:*:*:*:*:*:*", matchCriteriaId: "2A1AA925-3BF0-4D8B-BB39-E6DBBAD2CF8B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.9.1:-:*:*:*:*:*:*", matchCriteriaId: "EA458C15-66E7-4976-8805-A10608BF7C9F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FFEE5D43-E3D7-463E-A20D-F812E6B3E770", versionEndExcluding: "5.0.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "80D67146-B941-4FFA-894C-8032E94E0285", versionEndExcluding: "5.1.4.2", versionStartIncluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A644AE0B-420A-4673-B8E5-D41A5FDB2852", versionEndExcluding: "6.0.2.1", versionStartIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "93E92BB5-14F3-4B5A-B546-7101E1B77AAC", versionEndExcluding: "6.1.1.1", versionStartIncluding: "6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, 
], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.", }, ], id: "CVE-2023-20130", lastModified: "2024-11-21T07:40:37.600", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-05T18:15:07.803", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-27", }, ], source: "psirt@cisco.com", 
type: "Secondary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-16 22:15
Modified
2024-11-21 07:40
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "00599BDB-3705-4DA2-A78B-357AEBA4C164", versionEndIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "2B56D616-F6F6-46AF-AE11-01A9CCC47464", versionEndIncluding: "3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, ], id: "CVE-2023-20222", lastModified: "2024-11-21T07:40:56.013", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-16T22:15:11.757", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-storedxss-tTjO62r", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-storedxss-tTjO62r", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-80", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-02 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | prime_infrastructure | 1.2 | |
cisco | prime_infrastructure | 1.2.0.103 | |
cisco | prime_infrastructure | 1.2.1 | |
cisco | prime_infrastructure | 1.3 | |
cisco | prime_infrastructure | 1.3.0.20 | |
cisco | prime_infrastructure | 1.4 | |
cisco | prime_infrastructure | 1.4.0.45 | |
cisco | prime_infrastructure | 1.4.1 | |
cisco | prime_infrastructure | 1.4.2 | |
cisco | prime_infrastructure | 2.0 | |
cisco | prime_infrastructure | 2.1.0 | |
cisco | prime_infrastructure | 2.2 | |
cisco | prime_infrastructure | 2.2\(2\) | |
cisco | prime_infrastructure | 3.0 | |
cisco | prime_infrastructure | 3.1 | |
cisco | evolved_programmable_network_manager | 1.2.0 | |
cisco | evolved_programmable_network_manager | 1.2.1.3 | |
cisco | evolved_programmable_network_manager | 1.2.200 | |
cisco | evolved_programmable_network_manager | 1.2.300 | |
cisco | evolved_programmable_network_manager | 1.2.400 | |
cisco | evolved_programmable_network_manager | 1.2.500 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", matchCriteriaId: "BA72A91C-0E65-420A-9DBE-3E0853EDB7C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", matchCriteriaId: "B257E2F8-30EB-4BCC-8ACF-35DF73107AAC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", matchCriteriaId: "B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E78D776C-AA8C-471D-A0C0-02428FA07A29", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", matchCriteriaId: "9D3206E7-DC91-4861-AD32-46DA82509D5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", matchCriteriaId: "1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9ACB00E7-41E3-4221-8400-A279A75FD355", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "853315C7-01A7-4E83-9CBB-D45F6B5C4664", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", matchCriteriaId: "EB157A80-3A03-4B8D-9B20-C456A953CF7E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7678B118-E00C-4B1E-8B40-D3233DE3615C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", matchCriteriaId: "56394A07-6D74-4588-8C05-DE04959F7FC7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "7830BF63-55ED-4D8B-B380-1E78E338EA2D", vulnerable: true, }, 
{ criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*", matchCriteriaId: "48F3C5A5-6C84-408D-B59A-265F8775C943", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*", matchCriteriaId: "27F4F1D6-82DA-4675-B734-D9C5371E6654", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3C057764-0A1B-41A9-A21B-F665480145AD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "1AE45F94-2372-4CDD-A1E1-A4646F8D85AF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.200:*:*:*:*:*:*:*", matchCriteriaId: "8FD09D59-8557-4559-B0AB-71ECDEC77150", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.300:*:*:*:*:*:*:*", matchCriteriaId: "1E49859E-08F7-485D-8EA0-F1B6024B2413", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.400:*:*:*:*:*:*:*", matchCriteriaId: "E9A9DA98-C2E5-4CCB-B31B-3E55A0C98FBC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.500:*:*:*:*:*:*:*", matchCriteriaId: "2345C38D-1BA0-4A72-AC3E-8BA80FCEF7C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.", }, { lang: "es", value: "Cisco Prime Infrastructure 1.2 hasta la versión 3.1 y Evolved Programmable Network Manager (EPNM) 1.2 y 2.0 permite a usuarios remotos autenticado ejecutar comandos arbitrarios o subir archivos a través de una petición HTTP manipulada, también conocida como Bug ID 
CSCuz01488.", }, ], id: "CVE-2016-1408", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-02T14:59:07.430", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm", }, { source: "psirt@cisco.com", url: "http://www.securityfocus.com/bid/91506", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1036197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036197", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: 
"Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-04 16:15
Modified
2024-11-21 06:11
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F71B9209-0369-447C-8027-C45FE842E001", versionEndExcluding: "5.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "BB9B8A10-FBED-44F5-8DFF-F5AA2060CB41", versionEndExcluding: "3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Prime Infrastructure (PI) y Cisco Evolved Programmable Network Manager (EPNM) podría permitir a un atacante remoto autenticado realizar un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz de administración basada en la web de un dispositivo afectado. Esta vulnerabilidad es debido a que la interfaz de administración basada en la web no comprueba correctamente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad al convencer a un usuario de la interfaz afectada para que haga clic en un enlace diseñado. 
Una explotación con éxito podría permitir al atacante ejecutar código de script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador", }, ], id: "CVE-2021-34784", lastModified: "2024-11-21T06:11:11.693", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-04T16:15:08.977", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-22 07:15
Modified
2024-11-21 05:44
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.4 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | identity_services_engine | * | |
cisco | identity_services_engine | 2.7.0 | |
cisco | identity_services_engine | 2.7.0 | |
cisco | identity_services_engine | 3.0.0 | |
cisco | identity_services_engine | 3.0.0 | |
cisco | prime_infrastructure | * | |
cisco | prime_infrastructure | 3.8.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A539891B-EEAC-4909-98A9-ECD882FCAC1A", versionEndExcluding: "5.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "4D859076-BAB5-41B8-860E-646FE4E37264", versionEndExcluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*", matchCriteriaId: "1F22FABF-2831-4895-B0A9-283B98398F43", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*", matchCriteriaId: "2887A2C0-BADA-41D3-AA6A-F10BC58AA7F9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*", matchCriteriaId: "A1063044-BCD7-487F-9880-141C30547E36", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*", matchCriteriaId: "DA42E65A-7207-48B8-BE1B-0B352201BC09", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "4D874EC8-DCD1-4140-AB45-6320F87BE37F", versionEndExcluding: "3.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-:*:*:*:*:*:*", matchCriteriaId: "608240CD-CD6C-42A3-9590-7F37B35EDC53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. 
A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user.", }, { lang: "es", value: "Una vulnerabilidad en el shell restringido de Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE) y Cisco Prime Infrastructure, podría permitir a un atacante autenticado local identificar directorios y escribir archivos arbitrarios en el sistema de archivos. Esta vulnerabilidad es debido a una comprobación inapropiada de los parámetros que son enviados hacia un comando de CLI dentro del shell restringido. Un atacante podría explotar esta vulnerabilidad iniciando sesión en el dispositivo y emitiendo determinados comandos de CLI. Una explotación con éxito podría permitir al atacante identificar directorios de archivos en el dispositivo afectado y escribir archivos arbitrarios en el sistema de archivos del dispositivo afectado. 
Para explotar esta vulnerabilidad, el atacante debe ser un usuario de shell autenticado", }, ], id: "CVE-2021-1306", lastModified: "2024-11-21T05:44:03.263", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 2.5, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-22T07:15:07.197", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ", }, ], sourceIdentifier: 
"psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-73", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-610", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-17 15:15
Modified
2024-11-21 06:43
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "29C9A4DF-2C01-4B41-B76C-F72656553A28", versionEndExcluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "BB9B8A10-FBED-44F5-8DFF-F5AA2060CB41", versionEndExcluding: "3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Prime Infrastructure y Cisco Evolved Programmable Network (EPN) Manager podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad es debido a que la interfaz de administración basada en la web no comprueba correctamente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de una interfaz afectada para que haga clic en un enlace diseñado. 
Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador", }, ], id: "CVE-2022-20659", lastModified: "2024-11-21T06:43:15.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-17T15:15:09.453", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-P8fBz2FW", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-P8fBz2FW", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-22 07:15
Modified
2024-11-21 05:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9F2DA385-2595-45AD-B3D9-75662A7451D4", versionEndExcluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "D243BC9D-6E89-4253-85DB-FCC322ADCA34", versionEndExcluding: "3.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Prime Infrastructure y Evolved Programmable Network (EPN) Manager, podría permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en un sistema afectado. La vulnerabilidad es debido a una comprobación insuficiente de la entrada suministrada por el usuario para la interfaz de administración basada en web. 
Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones HTTP diseñadas hacia la interfaz. Una explotación con éxito podría permitir al atacante ejecutar comandos arbitrarios en el Sistema Operativo (SO) subyacente con los permisos de un usuario especial no root. De esta forma, un atacante podría tomar el control del sistema afectado, lo que le permitiría obtener y alterar datos confidenciales. El atacante también podría afectar los dispositivos administrados por el sistema afectado al enviar archivos de configuración arbitrarios, recuperar las credenciales del dispositivo y la información confidencial y, en última instancia, socavar la estabilidad de los dispositivos, causando una condición de denegación de servicio (DoS)", }, ], id: "CVE-2021-1487", lastModified: "2024-11-21T05:44:27.920", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-22T07:15:07.300", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-05 19:15
Modified
2024-11-21 07:40
Severity
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | identity_services_engine | 3.2 | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "86005B29-2168-4D94-AFAC-43973E2CA19F", versionEndExcluding: "7.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*", matchCriteriaId: "36722B6C-64A5-4D00-94E1-442878C37A35", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.", }, ], id: "CVE-2023-20121", lastModified: "2024-11-21T07:40:36.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.2, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: 
"nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-05T19:15:08.030", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-02 14:59
Modified
2025-04-12 10:46
Severity
Summary
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | prime_infrastructure | 1.2 | |
cisco | prime_infrastructure | 1.2.0.103 | |
cisco | prime_infrastructure | 1.2.1 | |
cisco | prime_infrastructure | 1.3 | |
cisco | prime_infrastructure | 1.3.0.20 | |
cisco | prime_infrastructure | 1.4 | |
cisco | prime_infrastructure | 1.4.0.45 | |
cisco | prime_infrastructure | 1.4.1 | |
cisco | prime_infrastructure | 1.4.2 | |
cisco | prime_infrastructure | 2.0 | |
cisco | prime_infrastructure | 2.1.0 | |
cisco | prime_infrastructure | 2.2 | |
cisco | prime_infrastructure | 2.2\(2\) | |
cisco | evolved_programmable_network_manager | 1.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", matchCriteriaId: "BA72A91C-0E65-420A-9DBE-3E0853EDB7C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", matchCriteriaId: "B257E2F8-30EB-4BCC-8ACF-35DF73107AAC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", matchCriteriaId: "B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E78D776C-AA8C-471D-A0C0-02428FA07A29", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", matchCriteriaId: "9D3206E7-DC91-4861-AD32-46DA82509D5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", matchCriteriaId: "1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9ACB00E7-41E3-4221-8400-A279A75FD355", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "853315C7-01A7-4E83-9CBB-D45F6B5C4664", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", matchCriteriaId: "EB157A80-3A03-4B8D-9B20-C456A953CF7E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7678B118-E00C-4B1E-8B40-D3233DE3615C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", matchCriteriaId: "56394A07-6D74-4588-8C05-DE04959F7FC7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "7830BF63-55ED-4D8B-B380-1E78E338EA2D", vulnerable: true, }, 
], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3C057764-0A1B-41A9-A21B-F665480145AD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.", }, { lang: "es", value: "La API en Cisco Prime Infrastructure 1.2 hasta la versión 3.0 y Evolved Programmable Network Manager (EPNM) 1.2 permite a atacantes remotos ejecutar código arbitrario u obtener información de gestión sensible a través de una petición HTTP manipulada, según lo demostrado mediante el descubrimiento de credenciales de dispositivos gestionados, también conocido como Bug ID CSCuy10231.", }, ], id: "CVE-2016-1289", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 
version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-02T14:59:06.100", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass", }, { source: "psirt@cisco.com", url: "http://www.securityfocus.com/bid/91504", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1036195", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91504", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036195", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 01:29
Modified
2024-11-21 04:37
Severity
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/108337 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108337 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F09A4CD-6339-48F6-9408-3E5949316FE9", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "67CF7487-D071-4DE6-8E87-B379B24D7BBD", versionEndExcluding: "3.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.", }, { lang: "es", value: "Una vulnerabilidad en la web-based management interface de Prime Infrastructure (PI) y Evolved Programmable Network (EPN) Manager de Cisco podría permitir que un atacante remoto autenticado ejecutara consultas SQL arbitrarias. Esta vulnerabilidad existe porque el programa valida incorrectamente la entrada proporcionada por el usuario en las consultas SQL. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP diseñada que contenga sentencias SQL maliciosas a la aplicación afectada. 
Un aprovechamiento exitoso podría permitir al atacante ver o modificar entradas en algunas tablas de la base de datos, afectando la integridad de los datos.", }, ], id: "CVE-2019-1824", lastModified: "2024-11-21T04:37:28.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T01:29:00.670", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108337", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-05 18:15
Modified
2024-11-21 07:40
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "0A1E29E3-1327-4E6B-B068-7B5289A4F0A7", versionEndIncluding: "3.7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "612F8E5C-6C18-4DE8-A548-8F24A5B10948", versionEndExcluding: "3.10.2", versionStartIncluding: "3.10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.8:*:*:*:*:*:*:*", matchCriteriaId: "932E6B00-78B5-4A0E-B87E-4993D6491C34", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-:*:*:*:*:*:*", matchCriteriaId: "608240CD-CD6C-42A3-9590-7F37B35EDC53", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.9:*:*:*:*:*:*:*", matchCriteriaId: "2A1AA925-3BF0-4D8B-BB39-E6DBBAD2CF8B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.9.1:-:*:*:*:*:*:*", matchCriteriaId: "EA458C15-66E7-4976-8805-A10608BF7C9F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FFEE5D43-E3D7-463E-A20D-F812E6B3E770", versionEndExcluding: "5.0.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "80D67146-B941-4FFA-894C-8032E94E0285", versionEndExcluding: "5.1.4.2", versionStartIncluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A644AE0B-420A-4673-B8E5-D41A5FDB2852", versionEndExcluding: "6.0.2.1", versionStartIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "93E92BB5-14F3-4B5A-B546-7101E1B77AAC", versionEndExcluding: "6.1.1.1", versionStartIncluding: "6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, 
], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.", }, ], id: "CVE-2023-20129", lastModified: "2024-11-21T07:40:37.480", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-05T18:15:07.747", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-27", }, ], source: "psirt@cisco.com", type: 
"Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-16 22:15
Modified
2024-11-21 07:40
Severity
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D31DFA66-3CD9-45B4-8F23-61234B50D5A9", versionEndExcluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.", }, ], id: "CVE-2023-20201", lastModified: "2024-11-21T07:40:49.140", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-16T22:15:10.750", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 01:29
Modified
2024-11-21 04:37
Severity
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/108345 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108345 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F09A4CD-6339-48F6-9408-3E5949316FE9", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "A4491F05-D89C-4B35-A051-B36957DD9F68", versionEndExcluding: "3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, { lang: "es", value: "Una vulnerabilidad en la web-based management interface del programa Prime Infrastructure y Evolved Programmable Network (EPN) de Cisco podría permitir que un atacante remoto autenticado descargue y vea archivos dentro de la aplicación que debería estar restringida. Esta vulnerabilidad se debe a la desinfección incorrecta de la entrada proporcionada por el usuario en los parámetros de solicitud HTTP que describen los nombres de archivo. Un atacante podría aprovechar esta vulnerabilidad mediante el uso de técnicas de cruce de directorios para enviar una ruta a una ubicación de archivo deseada. 
Un aprovechamiento exitoso podría permitir al atacante ver archivos de aplicaciones que pueden contener información confidencial.", }, ], id: "CVE-2019-1820", lastModified: "2024-11-21T04:37:27.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T01:29:00.420", references: [ { source: "psirt@cisco.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108345", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-06 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | 1.2.0 | |
cisco | prime_infrastructure | 1.2 | |
cisco | prime_infrastructure | 1.2.0.103 | |
cisco | prime_infrastructure | 1.2.1 | |
cisco | prime_infrastructure | 1.3 | |
cisco | prime_infrastructure | 1.3.0.20 | |
cisco | prime_infrastructure | 1.4 | |
cisco | prime_infrastructure | 1.4.0.45 | |
cisco | prime_infrastructure | 1.4.1 | |
cisco | prime_infrastructure | 1.4.2 | |
cisco | prime_infrastructure | 2.0 | |
cisco | prime_infrastructure | 2.1.0 | |
cisco | prime_infrastructure | 2.2 | |
sun | opensolaris | snv_124 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3C057764-0A1B-41A9-A21B-F665480145AD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", matchCriteriaId: "BA72A91C-0E65-420A-9DBE-3E0853EDB7C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", matchCriteriaId: "B257E2F8-30EB-4BCC-8ACF-35DF73107AAC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", matchCriteriaId: "B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E78D776C-AA8C-471D-A0C0-02428FA07A29", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", matchCriteriaId: "9D3206E7-DC91-4861-AD32-46DA82509D5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", matchCriteriaId: "1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9ACB00E7-41E3-4221-8400-A279A75FD355", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "853315C7-01A7-4E83-9CBB-D45F6B5C4664", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", matchCriteriaId: "EB157A80-3A03-4B8D-9B20-C456A953CF7E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7678B118-E00C-4B1E-8B40-D3233DE3615C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", matchCriteriaId: "56394A07-6D74-4588-8C05-DE04959F7FC7", 
vulnerable: true, }, { criteria: "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", matchCriteriaId: "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.", }, { lang: "es", value: "La API web en Cisco Prime Infrastructure 1.2.0 hasta la versión 2.2(2) y Cisco Evolved Programmable Network Manager (EPNM) 1.2 permite a usuarios remotos autenticados eludir restricciones RBAC previstas y obtener privilegios a través de una petición HTTP que es inconsistente con un patrón de filtro, también conocido como Bug ID CSCuy10227.", }, ], id: "CVE-2016-1290", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-06T23:59:10.910", 
references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1035498", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035498", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-05 18:15
Modified
2024-11-21 07:40
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "0A1E29E3-1327-4E6B-B068-7B5289A4F0A7", versionEndIncluding: "3.7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "612F8E5C-6C18-4DE8-A548-8F24A5B10948", versionEndExcluding: "3.10.2", versionStartIncluding: "3.10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.8:*:*:*:*:*:*:*", matchCriteriaId: "932E6B00-78B5-4A0E-B87E-4993D6491C34", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-:*:*:*:*:*:*", matchCriteriaId: "608240CD-CD6C-42A3-9590-7F37B35EDC53", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.9:*:*:*:*:*:*:*", matchCriteriaId: "2A1AA925-3BF0-4D8B-BB39-E6DBBAD2CF8B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.9.1:-:*:*:*:*:*:*", matchCriteriaId: "EA458C15-66E7-4976-8805-A10608BF7C9F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FFEE5D43-E3D7-463E-A20D-F812E6B3E770", versionEndExcluding: "5.0.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "80D67146-B941-4FFA-894C-8032E94E0285", versionEndExcluding: "5.1.4.2", versionStartIncluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A644AE0B-420A-4673-B8E5-D41A5FDB2852", versionEndExcluding: "6.0.2.1", versionStartIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "93E92BB5-14F3-4B5A-B546-7101E1B77AAC", versionEndExcluding: "6.1.1.1", versionStartIncluding: "6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, 
], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.", }, ], id: "CVE-2023-20131", lastModified: "2024-11-21T07:40:37.737", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-05T18:15:07.853", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-27", }, ], source: "psirt@cisco.com", type: 
"Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-17 17:15
Modified
2024-11-21 07:41
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * | |
cisco | prime_infrastructure | 3.10.4 | |
cisco | prime_infrastructure | 3.10.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40", versionEndExcluding: "7.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*", matchCriteriaId: "8E76E81B-A235-4A19-AAE4-319CB7840673", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*", matchCriteriaId: "774C7557-0D83-40A9-815C-4E32419A3B6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.", }, { lang: "es", value: "Una vulnerabilidad en la CLI de la aplicación de Cisco Prime Infrastructure y Cisco Evolved Programmable Network Manager podría permitir que un atacante local autenticado obtenga privilegios aumentados. Esta vulnerabilidad se debe al procesamiento inadecuado de los argumentos de la línea de comando en los scripts de la aplicación. Un atacante podría aprovechar esta vulnerabilidad emitiendo un comando en la CLI con opciones maliciosas. 
Una explotación exitosa podría permitir al atacante obtener privilegios aumentados del usuario root en el sistema operativo subyacente.", }, ], id: "CVE-2023-20260", lastModified: "2024-11-21T07:41:01.097", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.2, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-17T17:15:10.323", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-88", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-16 22:15
Modified
2024-11-21 07:40
Severity ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D31DFA66-3CD9-45B4-8F23-61234B50D5A9", versionEndExcluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.", }, ], id: "CVE-2023-20205", lastModified: "2024-11-21T07:40:50.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-16T22:15:11.127", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 01:29
Modified
2024-11-21 04:37
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/108339 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108339 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | network_level_service | 3.0\(0.0.83b\) | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F09A4CD-6339-48F6-9408-3E5949316FE9", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:network_level_service:3.0\\(0.0.83b\\):*:*:*:*:*:*:*", matchCriteriaId: "FCC948E4-B186-4FDC-84EB-B4F30F902FA1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "67CF7487-D071-4DE6-8E87-B379B24D7BBD", versionEndExcluding: "3.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, { lang: "es", value: "Una vulnerabilidad en web-based management interface en Prime Infrastructure (PI) y Evolved Programmable Network (EPN) Manager de Cisco podría permitir que un atacante remoto autenticado ejecute código con privilegios de nivel raíz en el sistema operativo subyacente. Esta vulnerabilidad existe porque el programa valida incorrectamente la entrada proporcionada por el usuario. Un atacante podría aprovechar esta vulnerabilidad al cargar un archivo malicioso en web-based management interface . 
Un aprovechamiento exitoso podría permitir al atacante ejecutar código con privilegios de nivel raíz en el sistema operativo subyacente.", }, ], id: "CVE-2019-1823", lastModified: "2024-11-21T04:37:28.357", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T01:29:00.593", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108339", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-06 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | 1.2.0 | |
cisco | prime_infrastructure | 1.2 | |
cisco | prime_infrastructure | 1.2.0.103 | |
cisco | prime_infrastructure | 1.2.1 | |
cisco | prime_infrastructure | 1.3 | |
cisco | prime_infrastructure | 1.3.0.20 | |
cisco | prime_infrastructure | 1.4 | |
cisco | prime_infrastructure | 1.4.0.45 | |
cisco | prime_infrastructure | 1.4.1 | |
cisco | prime_infrastructure | 1.4.2 | |
cisco | prime_infrastructure | 2.0 | |
cisco | prime_infrastructure | 2.1.0 | |
cisco | prime_infrastructure | 2.2 | |
sun | opensolaris | snv_124 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3C057764-0A1B-41A9-A21B-F665480145AD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", matchCriteriaId: "BA72A91C-0E65-420A-9DBE-3E0853EDB7C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", matchCriteriaId: "B257E2F8-30EB-4BCC-8ACF-35DF73107AAC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", matchCriteriaId: "B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E78D776C-AA8C-471D-A0C0-02428FA07A29", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", matchCriteriaId: "9D3206E7-DC91-4861-AD32-46DA82509D5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", matchCriteriaId: "1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9ACB00E7-41E3-4221-8400-A279A75FD355", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "853315C7-01A7-4E83-9CBB-D45F6B5C4664", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", matchCriteriaId: "EB157A80-3A03-4B8D-9B20-C456A953CF7E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7678B118-E00C-4B1E-8B40-D3233DE3615C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", matchCriteriaId: "56394A07-6D74-4588-8C05-DE04959F7FC7", 
vulnerable: true, }, { criteria: "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", matchCriteriaId: "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.", }, { lang: "es", value: "Cisco Prime Infrastructure 1.2.0 hasta la versión 2.2(2) y Cisco Evolved Programmable Network Manager (EPNM) 1.2 permiten a atacantes remotos ejecutar código arbitrario a través de datos deserializados manipulados en una petición HTTP POST, también conocido como Bug ID CSCuw03192.", }, ], id: "CVE-2016-1291", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-06T23:59:11.847", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: 
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1035497", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://blogs.securiteam.com/index.php/archives/2727", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://blogs.securiteam.com/index.php/archives/2727", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-17 17:15
Modified
2024-11-21 07:41
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would be stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * | |
cisco | prime_infrastructure | 3.10.4 | |
cisco | prime_infrastructure | 3.10.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40", versionEndExcluding: "7.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*", matchCriteriaId: "8E76E81B-A235-4A19-AAE4-319CB7840673", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*", matchCriteriaId: "774C7557-0D83-40A9-815C-4E32419A3B6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Prime Infrastructure podría permitir que un atacante remoto autenticado realice ataques de cross site scripting. Esta vulnerabilidad se debe a una validación inadecuada de la entrada proporcionada por el usuario en la interfaz de administración basada en web. Un atacante podría aprovechar esta vulnerabilidad enviando entradas maliciosas que contengan scripts o contenido HTML dentro de las solicitudes que se almacenarían en la interfaz de la aplicación. 
Una explotación exitosa podría permitir al atacante realizar ataques de cross site scripting contra otros usuarios de la aplicación afectada.", }, ], id: "CVE-2023-20257", lastModified: "2024-11-21T07:41:00.660", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-17T17:15:09.960", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-80", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-16 22:15
Modified
2024-11-21 07:40
Severity ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D31DFA66-3CD9-45B4-8F23-61234B50D5A9", versionEndExcluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.", }, ], id: "CVE-2023-20203", lastModified: "2024-11-21T07:40:49.437", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-16T22:15:11.023", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-10-27 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/93522 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | http://www.securitytracker.com/id/1037006 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93522 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037006 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | 1.2 | |
cisco | evolved_programmable_network_manager | 2.0 | |
cisco | prime_infrastructure | 1.2 | |
cisco | prime_infrastructure | 1.2.0.103 | |
cisco | prime_infrastructure | 1.2.1 | |
cisco | prime_infrastructure | 1.3 | |
cisco | prime_infrastructure | 1.3.0.20 | |
cisco | prime_infrastructure | 1.4 | |
cisco | prime_infrastructure | 1.4.0.45 | |
cisco | prime_infrastructure | 1.4.1 | |
cisco | prime_infrastructure | 1.4.2 | |
cisco | prime_infrastructure | 2.0 | |
cisco | prime_infrastructure | 2.1.0 | |
cisco | prime_infrastructure | 2.2 | |
cisco | prime_infrastructure | 2.2\(2\) | |
cisco | prime_infrastructure | 3.0 | |
cisco | prime_infrastructure | 3.1 | |
cisco | prime_infrastructure | 3.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2:*:*:*:*:*:*:*", matchCriteriaId: "56AFA6AB-2E75-4DFD-9C89-3050E7328C47", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0:*:*:*:*:*:*:*", matchCriteriaId: "E318D077-AEB7-42B3-B8CE-FE8D70BF992A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", matchCriteriaId: "BA72A91C-0E65-420A-9DBE-3E0853EDB7C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", matchCriteriaId: "B257E2F8-30EB-4BCC-8ACF-35DF73107AAC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", matchCriteriaId: "B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E78D776C-AA8C-471D-A0C0-02428FA07A29", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", matchCriteriaId: "9D3206E7-DC91-4861-AD32-46DA82509D5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", matchCriteriaId: "1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9ACB00E7-41E3-4221-8400-A279A75FD355", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "853315C7-01A7-4E83-9CBB-D45F6B5C4664", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", matchCriteriaId: "EB157A80-3A03-4B8D-9B20-C456A953CF7E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: 
"7678B118-E00C-4B1E-8B40-D3233DE3615C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", matchCriteriaId: "56394A07-6D74-4588-8C05-DE04959F7FC7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "7830BF63-55ED-4D8B-B380-1E78E338EA2D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*", matchCriteriaId: "48F3C5A5-6C84-408D-B59A-265F8775C943", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*", matchCriteriaId: "27F4F1D6-82DA-4675-B734-D9C5371E6654", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BBD9A93C-FE79-4323-BBF1-F9B2CD559570", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).", }, { lang: "es", value: "Una vulnerabilidad en Cisco Prime Infrastructure y en la interfaz de la base de datos SQL de Evolved Programmable Network Manager podría permitir a un atacante remoto autenticado impactar la confidencialidad del sistema ejecutando un subconjunto de consultas SQL arbitrarias que pueden provocar inestabilidad en el producto. Más información: CSCva27038, CSCva28335. 
Lanzamientos conocidos afectados: 3.1(0.128), 1.2(400), 2.0(1.0.34A).", }, ], id: "CVE-2016-6443", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-10-27T21:59:14.860", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93522", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037006", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93522", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-25 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | 1.2.0 | |
cisco | evolved_programmable_network_manager | 1.2.1.3 | |
cisco | evolved_programmable_network_manager | 1.2.200 | |
cisco | evolved_programmable_network_manager | 1.2.300 | |
cisco | prime_infrastructure | 1.2 | |
cisco | prime_infrastructure | 1.2.0.103 | |
cisco | prime_infrastructure | 1.2.1 | |
cisco | prime_infrastructure | 1.3 | |
cisco | prime_infrastructure | 1.3.0.20 | |
cisco | prime_infrastructure | 1.4 | |
cisco | prime_infrastructure | 1.4.0.45 | |
cisco | prime_infrastructure | 1.4.1 | |
cisco | prime_infrastructure | 1.4.2 | |
cisco | prime_infrastructure | 2.0 | |
cisco | prime_infrastructure | 2.1.0 | |
cisco | prime_infrastructure | 2.2 | |
cisco | prime_infrastructure | 2.2\(2\) | |
cisco | prime_infrastructure | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3C057764-0A1B-41A9-A21B-F665480145AD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "1AE45F94-2372-4CDD-A1E1-A4646F8D85AF", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.200:*:*:*:*:*:*:*", matchCriteriaId: "8FD09D59-8557-4559-B0AB-71ECDEC77150", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.300:*:*:*:*:*:*:*", matchCriteriaId: "1E49859E-08F7-485D-8EA0-F1B6024B2413", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", matchCriteriaId: "BA72A91C-0E65-420A-9DBE-3E0853EDB7C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", matchCriteriaId: "B257E2F8-30EB-4BCC-8ACF-35DF73107AAC", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", matchCriteriaId: "B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E78D776C-AA8C-471D-A0C0-02428FA07A29", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", matchCriteriaId: "9D3206E7-DC91-4861-AD32-46DA82509D5B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", matchCriteriaId: "1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9ACB00E7-41E3-4221-8400-A279A75FD355", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", 
matchCriteriaId: "853315C7-01A7-4E83-9CBB-D45F6B5C4664", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", matchCriteriaId: "EB157A80-3A03-4B8D-9B20-C456A953CF7E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7678B118-E00C-4B1E-8B40-D3233DE3615C", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", matchCriteriaId: "56394A07-6D74-4588-8C05-DE04959F7FC7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "7830BF63-55ED-4D8B-B380-1E78E338EA2D", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*", matchCriteriaId: "48F3C5A5-6C84-408D-B59A-265F8775C943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.", }, { lang: "es", value: "La interfaz web API en Cisco Prime Infrastructure en versiones anteriores a 3.1 y Cisco Evolved Programmable Network Manager en versiones anteriores a 1.2.4 permite a usuarios remotos autenticados eludir restricciones destinadas al RBAC y obtener información sensible, y consecuentemente obtener privilegios, a través de datos JSON manipulados, también conocida como Bug ID CSCuy12409.", }, ], id: "CVE-2016-1406", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: 
"AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-25T01:59:09.757", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1035948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035948", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-04 18:15
Modified
2024-11-21 06:11
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7837CBA3-AA56-4D86-B05E-8F2E8277D645", versionEndIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.", }, { lang: "es", value: "Una vulnerabilidad en la API REST de Cisco Evolved Programmable Network Manager (EPNM) podría permitir a un atacante remoto autenticado acceder a datos confidenciales en un sistema afectado. Esta vulnerabilidad se presenta porque la aplicación no protege suficientemente los datos confidenciales cuando responde a una petición de la API. Un atacante podría explotar la vulnerabilidad mediante el envío de una petición específica de la API a la aplicación afectada. 
Una explotación con éxito podría permitir al atacante obtener información confidencial sobre la aplicación", }, ], id: "CVE-2021-34707", lastModified: "2024-11-21T06:11:00.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-04T18:15:09.947", references: [ { source: "psirt@cisco.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-02 03:15
Modified
2024-11-21 06:11
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D2FD2FA8-4139-4FB6-8509-8DA0043E372D", versionEndExcluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "11AD8E93-2B5E-4EFD-8CC7-92CC482F1FCB", versionEndExcluding: "3.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.", }, { lang: "es", value: "Una vulnerabilidad en la CLI de Cisco Prime Infrastructure y Cisco Evolved Programmable Network (EPN) Manager, podría permitir a un atacante local autenticado acceder a información confidencial almacenada en el sistema de archivos subyacente de un sistema afectado. Esta vulnerabilidad se presenta porque la información confidencial no está suficientemente protegida cuando se almacena. Un atacante podría explotar esta vulnerabilidad al conseguir acceso no autorizado a información confidencial en un sistema afectado. 
Una explotación con éxito podría permitir al atacante crear peticiones de autenticación falsas y conseguir acceso no autorizado al sistema afectado", }, ], id: "CVE-2021-34733", lastModified: "2024-11-21T06:11:04.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-02T03:15:06.637", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-17 17:15
Modified
2024-11-21 07:41
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | evolved_programmable_network_manager | * | |
cisco | prime_infrastructure | * | |
cisco | prime_infrastructure | 3.10.4 | |
cisco | prime_infrastructure | 3.10.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40", versionEndExcluding: "7.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*", matchCriteriaId: "8E76E81B-A235-4A19-AAE4-319CB7840673", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*", matchCriteriaId: "774C7557-0D83-40A9-815C-4E32419A3B6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Prime Infrastructure y Cisco Evolved Programmable Network Manager (EPNM) podría permitir que un atacante remoto autenticado realice ataques de inyección SQL en un sistema afectado. Esta vulnerabilidad se debe a una validación incorrecta de los parámetros enviados por el usuario. Un atacante podría aprovechar esta vulnerabilidad autenticándose en la aplicación y enviando solicitudes maliciosas a un sistema afectado. 
Una explotación exitosa podría permitir al atacante obtener y modificar información confidencial almacenada en la base de datos subyacente.", }, ], id: "CVE-2023-20271", lastModified: "2024-11-21T07:41:02.800", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-17T17:15:10.540", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-20069
Vulnerability from cvelistv5
Published
2023-03-03 00:00
Modified
2024-10-25 16:03
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | n/a
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:57:35.593Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20230301 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pi-epnm-xss-mZShH2J", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20069", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T14:36:28.594307Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T16:03:26.166Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure ", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2023-03-01T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. ", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-03T00:00:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20230301 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", tags: [ "vendor-advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pi-epnm-xss-mZShH2J", }, ], source: { advisory: "cisco-sa-cisco-pi-epnm-xss-mZShH2J", defect: [ [ "CSCwd61777", "CSCwd62509", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20069", datePublished: "2023-03-03T00:00:00", dateReserved: "2022-10-27T00:00:00", dateUpdated: "2024-10-25T16:03:26.166Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1825
Vulnerability from cvelistv5
Published
2019-05-16 01:10
Modified
2024-11-20 17:18
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject | vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/108337 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | 3.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, { name: "108337", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108337", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1825", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:54:24.730978Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:18:48.613Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "3.4", }, ], }, ], datePublic: "2019-05-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. 
A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T09:06:04", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, { name: "108337", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108337", }, ], source: { advisory: "cisco-sa-20190515-pi-sqlinject", defect: [ [ "CSCvo23576", "CSCvo28734", "CSCvo62268", "CSCvo62275", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-15T16:00:00-0700", ID: "CVE-2019-1825", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", 
version: { version_data: [ { version_value: "3.4", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "8.1", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-89", }, ], }, ], }, references: { reference_data: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, { name: "108337", refsource: "BID", url: "http://www.securityfocus.com/bid/108337", }, ], }, source: { advisory: "cisco-sa-20190515-pi-sqlinject", defect: [ [ "CSCvo23576", "CSCvo28734", "CSCvo62268", "CSCvo62275", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1825", datePublished: "2019-05-16T01:10:14.047939Z", dateReserved: 
"2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:18:48.613Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20260
Vulnerability from cvelistv5
Published
2024-01-17 16:57
Modified
2024-11-13 19:51
Summary
A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Cisco | Cisco Prime Infrastructure |
Version: 2.0.0 Version: 2.0.10 Version: 2.0.39 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.56 Version: 2.2.0 Version: 2.2.1 Version: 2.2.2 Version: 2.2.3 Version: 2.2.10 Version: 2.2.8 Version: 2.2.4 Version: 2.2.7 Version: 2.2.5 Version: 2.2.9 Version: 2.2.1 Update 01 Version: 2.2.2 Update 03 Version: 2.2.2 Update 04 Version: 2.2.3 Update 02 Version: 2.2.3 Update 03 Version: 2.2.3 Update 04 Version: 2.2.3 Update 05 Version: 2.2.3 Update 06 Version: 3.0.0 Version: 3.0.1 Version: 3.0.2 Version: 3.0.3 Version: 3.0.4 Version: 3.0.6 Version: 3.0.5 Version: 3.0.7 Version: 3.1.0 Version: 3.1.1 Version: 3.1.7 Version: 3.1.5 Version: 3.1.2 Version: 3.1.3 Version: 3.1.4 Version: 3.1.6 Version: 3.2.2 Version: 3.2.0-FIPS Version: 3.2.1 Version: 3.3.0 Version: 3.3.1 Version: 3.3.0 Update 01 Version: 3.4.0 Version: 3.4.1 Version: 3.4.2 Version: 3.4.1 Update 01 Version: 3.4.1 Update 02 Version: 3.4.2 Update 01 Version: 3.5.0 Version: 3.5.1 Version: 3.5.0 Update 01 Version: 3.5.0 Update 02 Version: 3.5.0 Update 03 Version: 3.5.1 Update 01 Version: 3.5.1 Update 02 Version: 3.5.1 Update 03 Version: 3.6.0 Version: 3.6.0 Update 01 Version: 3.6.0 Update 02 Version: 3.6.0 Update 03 Version: 3.6.0 Update 04 Version: 2.1 Version: 2.2 Version: 3.2 Version: 3.4_DP1 Version: 3.4_DP3 Version: 3.4_DP2 Version: 3.5_DP1 Version: 3.4_DP7 Version: 3.4_DP10 Version: 3.4_DP5 Version: 3.1_DP15 Version: 3.4_DP11 Version: 3.4_DP8 Version: 3.7_DP1 Version: 3.3_DP4 Version: 3.10_DP1 Version: 3.8_DP1 Version: 3.7_DP2 Version: 3.6_DP1 Version: 3.1_DP16 Version: 3.5_DP4 Version: 3.3_DP3 Version: 3.2_DP2 Version: 3.4_DP4 Version: 3.1_DP14 Version: 3.1_DP6 Version: 3.1_DP9 Version: 3.4_DP6 Version: 3.2_DP3 Version: 3.4_DP9 Version: 3.3_DP2 Version: 3.2_DP1 Version: 3.1_DP10 Version: 3.9_DP1 Version: 3.3_DP1 Version: 3.1_DP13 Version: 3.5_DP2 Version: 3.1_DP12 Version: 3.1_DP4 Version: 3.5_DP3 Version: 3.1_DP8 Version: 3.1_DP7 Version: 3.2_DP4 Version: 3.1_DP11 Version: 3.1_DP5 Version: 3.7.0 
Version: 3.7.1 Version: 3.7.1 Update 04 Version: 3.7.1 Update 06 Version: 3.7.1 Update 07 Version: 3.7.1 Update 03 Version: 3.7.0 Update 03 Version: 3.7.1 Update 01 Version: 3.7.1 Update 02 Version: 3.7.1 Update 05 Version: 3.8.0 Version: 3.8.1 Version: 3.8.1 Update 02 Version: 3.8.1 Update 04 Version: 3.8.1 Update 01 Version: 3.8.1 Update 03 Version: 3.8.0 Update 01 Version: 3.8.0 Update 02 Version: 3.9.0 Version: 3.9.1 Version: 3.9.1 Update 02 Version: 3.9.1 Update 03 Version: 3.9.1 Update 01 Version: 3.9.1 Update 04 Version: 3.9.0 Update 01 Version: 3.10.0 Version: 3.10.3 Version: 3.10.1 Version: 3.10.2 Version: 3.10 Update 01 Version: 3.10.4 Version: 3.10.4 Update 01 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.854Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-pi-epnm-wkZJeyeq", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20260", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-23T20:54:32.408511Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T19:51:35.114Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.0.10", }, { status: "affected", version: "2.0.39", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.56", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.10", }, { status: "affected", version: "2.2.8", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.7", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "2.2.9", }, { status: "affected", version: "2.2.1 Update 01", }, { status: "affected", version: "2.2.2 Update 03", }, { status: "affected", version: "2.2.2 Update 04", }, { status: "affected", version: "2.2.3 Update 02", }, { status: "affected", version: "2.2.3 Update 03", }, { status: "affected", version: "2.2.3 Update 04", }, { status: "affected", version: 
"2.2.3 Update 05", }, { status: "affected", version: "2.2.3 Update 06", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0.4", }, { status: "affected", version: "3.0.6", }, { status: "affected", version: "3.0.5", }, { status: "affected", version: "3.0.7", }, { status: "affected", version: "3.1.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.7", }, { status: "affected", version: "3.1.5", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1.4", }, { status: "affected", version: "3.1.6", }, { status: "affected", version: "3.2.2", }, { status: "affected", version: "3.2.0-FIPS", }, { status: "affected", version: "3.2.1", }, { status: "affected", version: "3.3.0", }, { status: "affected", version: "3.3.1", }, { status: "affected", version: "3.3.0 Update 01", }, { status: "affected", version: "3.4.0", }, { status: "affected", version: "3.4.1", }, { status: "affected", version: "3.4.2", }, { status: "affected", version: "3.4.1 Update 01", }, { status: "affected", version: "3.4.1 Update 02", }, { status: "affected", version: "3.4.2 Update 01", }, { status: "affected", version: "3.5.0", }, { status: "affected", version: "3.5.1", }, { status: "affected", version: "3.5.0 Update 01", }, { status: "affected", version: "3.5.0 Update 02", }, { status: "affected", version: "3.5.0 Update 03", }, { status: "affected", version: "3.5.1 Update 01", }, { status: "affected", version: "3.5.1 Update 02", }, { status: "affected", version: "3.5.1 Update 03", }, { status: "affected", version: "3.6.0", }, { status: "affected", version: "3.6.0 Update 01", }, { status: "affected", version: "3.6.0 Update 02", }, { status: "affected", version: "3.6.0 Update 03", }, { status: "affected", version: "3.6.0 Update 04", }, { status: 
"affected", version: "2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.4_DP1", }, { status: "affected", version: "3.4_DP3", }, { status: "affected", version: "3.4_DP2", }, { status: "affected", version: "3.5_DP1", }, { status: "affected", version: "3.4_DP7", }, { status: "affected", version: "3.4_DP10", }, { status: "affected", version: "3.4_DP5", }, { status: "affected", version: "3.1_DP15", }, { status: "affected", version: "3.4_DP11", }, { status: "affected", version: "3.4_DP8", }, { status: "affected", version: "3.7_DP1", }, { status: "affected", version: "3.3_DP4", }, { status: "affected", version: "3.10_DP1", }, { status: "affected", version: "3.8_DP1", }, { status: "affected", version: "3.7_DP2", }, { status: "affected", version: "3.6_DP1", }, { status: "affected", version: "3.1_DP16", }, { status: "affected", version: "3.5_DP4", }, { status: "affected", version: "3.3_DP3", }, { status: "affected", version: "3.2_DP2", }, { status: "affected", version: "3.4_DP4", }, { status: "affected", version: "3.1_DP14", }, { status: "affected", version: "3.1_DP6", }, { status: "affected", version: "3.1_DP9", }, { status: "affected", version: "3.4_DP6", }, { status: "affected", version: "3.2_DP3", }, { status: "affected", version: "3.4_DP9", }, { status: "affected", version: "3.3_DP2", }, { status: "affected", version: "3.2_DP1", }, { status: "affected", version: "3.1_DP10", }, { status: "affected", version: "3.9_DP1", }, { status: "affected", version: "3.3_DP1", }, { status: "affected", version: "3.1_DP13", }, { status: "affected", version: "3.5_DP2", }, { status: "affected", version: "3.1_DP12", }, { status: "affected", version: "3.1_DP4", }, { status: "affected", version: "3.5_DP3", }, { status: "affected", version: "3.1_DP8", }, { status: "affected", version: "3.1_DP7", }, { status: "affected", version: "3.2_DP4", }, { status: "affected", version: "3.1_DP11", }, { status: "affected", version: 
"3.1_DP5", }, { status: "affected", version: "3.7.0", }, { status: "affected", version: "3.7.1", }, { status: "affected", version: "3.7.1 Update 04", }, { status: "affected", version: "3.7.1 Update 06", }, { status: "affected", version: "3.7.1 Update 07", }, { status: "affected", version: "3.7.1 Update 03", }, { status: "affected", version: "3.7.0 Update 03", }, { status: "affected", version: "3.7.1 Update 01", }, { status: "affected", version: "3.7.1 Update 02", }, { status: "affected", version: "3.7.1 Update 05", }, { status: "affected", version: "3.8.0", }, { status: "affected", version: "3.8.1", }, { status: "affected", version: "3.8.1 Update 02", }, { status: "affected", version: "3.8.1 Update 04", }, { status: "affected", version: "3.8.1 Update 01", }, { status: "affected", version: "3.8.1 Update 03", }, { status: "affected", version: "3.8.0 Update 01", }, { status: "affected", version: "3.8.0 Update 02", }, { status: "affected", version: "3.9.0", }, { status: "affected", version: "3.9.1", }, { status: "affected", version: "3.9.1 Update 02", }, { status: "affected", version: "3.9.1 Update 03", }, { status: "affected", version: "3.9.1 Update 01", }, { status: "affected", version: "3.9.1 Update 04", }, { status: "affected", version: "3.9.0 Update 01", }, { status: "affected", version: "3.10.0", }, { status: "affected", version: "3.10.3", }, { status: "affected", version: "3.10.1", }, { status: "affected", version: "3.10.2", }, { status: "affected", version: "3.10 Update 01", }, { status: "affected", version: "3.10.4", }, { status: "affected", version: "3.10.4 Update 01", }, ], }, { product: "Cisco Evolved Programmable Network Manager (EPNM)", vendor: "Cisco", versions: [ { status: "affected", version: "1.2.6", }, { status: "affected", version: "1.2.2", }, { status: "affected", version: "1.2.3", }, { status: "affected", version: "1.2.5", }, { status: "affected", version: "1.2.1.2", }, { status: "affected", version: "1.2.4", }, { status: "affected", version: 
"1.2.7", }, { status: "affected", version: "1.2", }, { status: "affected", version: "1.2.2.4", }, { status: "affected", version: "1.2.4.2", }, { status: "affected", version: "2.0.2", }, { status: "affected", version: "2.0.4", }, { status: "affected", version: "2.0.3", }, { status: "affected", version: "2.0.1", }, { status: "affected", version: "2.0", }, { status: "affected", version: "2.0.1.1", }, { status: "affected", version: "2.0.2.1", }, { status: "affected", version: "2.0.4.1", }, { status: "affected", version: "2.0.4.2", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.3", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.1.1.1", }, { status: "affected", version: "2.1.1.3", }, { status: "affected", version: "2.1.1.4", }, { status: "affected", version: "2.1.2.2", }, { status: "affected", version: "2.1.2.3", }, { status: "affected", version: "2.1.3.2", }, { status: "affected", version: "2.1.3.3", }, { status: "affected", version: "2.1.3.4", }, { status: "affected", version: "2.1.3.5", }, { status: "affected", version: "2.1.4", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "2.2.1.1", }, { status: "affected", version: "2.2.1.2", }, { status: "affected", version: "2.2.1.3", }, { status: "affected", version: "2.2.1.4", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1", }, { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.1", }, { status: "affected", 
version: "4.1.1.1", }, { status: "affected", version: "4.1.1.2", }, { status: "affected", version: "4.0.3", }, { status: "affected", version: "4.0.1", }, { status: "affected", version: "4.0.2", }, { status: "affected", version: "4.0", }, { status: "affected", version: "4.0.3.1", }, { status: "affected", version: "5.0.1", }, { status: "affected", version: "5.0.2", }, { status: "affected", version: "5.0.2.5", }, { status: "affected", version: "5.0.2.3", }, { status: "affected", version: "5.0.2.4", }, { status: "affected", version: "5.0.2.1", }, { status: "affected", version: "5.0.2.2", }, { status: "affected", version: "5.0", }, { status: "affected", version: "5.0.2.6", }, { status: "affected", version: "5.1.1", }, { status: "affected", version: "5.1.2", }, { status: "affected", version: "5.1.3", }, { status: "affected", version: "5.1.4", }, { status: "affected", version: "5.1.4.2", }, { status: "affected", version: "5.1.4.1", }, { status: "affected", version: "5.1.4.3", }, { status: "affected", version: "5.1", }, { status: "affected", version: "5.1.3.1", }, { status: "affected", version: "5.1.3.2", }, { status: "affected", version: "5.1.4.4", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.2.1", }, { status: "affected", version: "6.0.1.1", }, { status: "affected", version: "6.0.3", }, { status: "affected", version: "6.0.3.1", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.1.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.1.2", }, { status: "affected", version: "6.1.1.2.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. 
This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "Improper Access Control", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T15:42:32.625Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-pi-epnm-wkZJeyeq", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], source: { advisory: "cisco-sa-pi-epnm-wkZJeyeq", defects: [ "CSCwf81865", "CSCwf83560", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20260", datePublished: "2024-01-17T16:57:33.285Z", dateReserved: "2022-10-27T18:47:50.373Z", dateUpdated: "2024-11-13T19:51:35.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20258
Vulnerability from cvelistv5
Published
2024-01-17 16:56
Modified
2024-08-02 09:05
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure | 2.0.0, 2.0.10, 2.0.39, 2.1.0, 2.1.1, 2.1.2, 2.1.56, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.10, 2.2.8, 2.2.4, 2.2.7, 2.2.5, 2.2.9, 2.2.1 Update 01, 2.2.2 Update 03, 2.2.2 Update 04, 2.2.3 Update 02, 2.2.3 Update 03, 2.2.3 Update 04, 2.2.3 Update 05, 2.2.3 Update 06, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.6, 3.0.5, 3.0.7, 3.1.0, 3.1.1, 3.1.7, 3.1.5, 3.1.2, 3.1.3, 3.1.4, 3.1.6, 3.2.2, 3.2.0-FIPS, 3.2.1, 3.3.0, 3.3.1, 3.3.0 Update 01, 3.4.0, 3.4.1, 3.4.2, 3.4.1 Update 01, 3.4.1 Update 02, 3.4.2 Update 01, 3.5.0, 3.5.1, 3.5.0 Update 01, 3.5.0 Update 02, 3.5.0 Update 03, 3.5.1 Update 01, 3.5.1 Update 02, 3.5.1 Update 03, 3.6.0, 3.6.0 Update 01, 3.6.0 Update 02, 3.6.0 Update 03, 3.6.0 Update 04, 2.1, 2.2, 3.2, 3.4_DP1, 3.4_DP3, 3.4_DP2, 3.5_DP1, 3.4_DP7, 3.4_DP10, 3.4_DP5, 3.1_DP15, 3.4_DP11, 3.4_DP8, 3.7_DP1, 3.3_DP4, 3.10_DP1, 3.8_DP1, 3.7_DP2, 3.6_DP1, 3.1_DP16, 3.5_DP4, 3.3_DP3, 3.2_DP2, 3.4_DP4, 3.1_DP14, 3.1_DP6, 3.1_DP9, 3.4_DP6, 3.2_DP3, 3.4_DP9, 3.3_DP2, 3.2_DP1, 3.1_DP10, 3.9_DP1, 3.3_DP1, 3.1_DP13, 3.5_DP2, 3.1_DP12, 3.1_DP4, 3.5_DP3, 3.1_DP8, 3.1_DP7, 3.2_DP4, 3.1_DP11, 3.1_DP5, 3.7.0, 3.7.1, 3.7.1 Update 04, 3.7.1 Update 06, 3.7.1 Update 07, 3.7.1 Update 03, 3.7.0 Update 03, 3.7.1 Update 01, 3.7.1 Update 02, 3.7.1 Update 05, 3.8.0, 3.8.1, 3.8.1 Update 02, 3.8.1 Update 04, 3.8.1 Update 01, 3.8.1 Update 03, 3.8.0 Update 01, 3.8.0 Update 02, 3.9.0, 3.9.1, 3.9.1 Update 02, 3.9.1 Update 03, 3.9.1 Update 01, 3.9.1 Update 04, 3.9.0 Update 01, 3.10.0, 3.10.3, 3.10.1, 3.10.2, 3.10 Update 01, 3.10.4, 3.10.4 Update 01 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.215Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-pi-epnm-wkZJeyeq", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.0.10", }, { status: "affected", version: "2.0.39", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.56", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.10", }, { status: "affected", version: "2.2.8", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.7", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "2.2.9", }, { status: "affected", version: "2.2.1 Update 01", }, { status: "affected", version: "2.2.2 Update 03", }, { status: "affected", version: "2.2.2 Update 04", }, { status: "affected", version: "2.2.3 Update 02", }, { status: "affected", version: "2.2.3 Update 03", }, { status: "affected", version: "2.2.3 Update 04", }, { status: "affected", version: "2.2.3 Update 05", }, { status: "affected", version: "2.2.3 Update 06", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0.4", }, { status: "affected", version: "3.0.6", }, { status: "affected", version: "3.0.5", }, { status: "affected", version: "3.0.7", }, { status: 
"affected", version: "3.1.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.7", }, { status: "affected", version: "3.1.5", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1.4", }, { status: "affected", version: "3.1.6", }, { status: "affected", version: "3.2.2", }, { status: "affected", version: "3.2.0-FIPS", }, { status: "affected", version: "3.2.1", }, { status: "affected", version: "3.3.0", }, { status: "affected", version: "3.3.1", }, { status: "affected", version: "3.3.0 Update 01", }, { status: "affected", version: "3.4.0", }, { status: "affected", version: "3.4.1", }, { status: "affected", version: "3.4.2", }, { status: "affected", version: "3.4.1 Update 01", }, { status: "affected", version: "3.4.1 Update 02", }, { status: "affected", version: "3.4.2 Update 01", }, { status: "affected", version: "3.5.0", }, { status: "affected", version: "3.5.1", }, { status: "affected", version: "3.5.0 Update 01", }, { status: "affected", version: "3.5.0 Update 02", }, { status: "affected", version: "3.5.0 Update 03", }, { status: "affected", version: "3.5.1 Update 01", }, { status: "affected", version: "3.5.1 Update 02", }, { status: "affected", version: "3.5.1 Update 03", }, { status: "affected", version: "3.6.0", }, { status: "affected", version: "3.6.0 Update 01", }, { status: "affected", version: "3.6.0 Update 02", }, { status: "affected", version: "3.6.0 Update 03", }, { status: "affected", version: "3.6.0 Update 04", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.4_DP1", }, { status: "affected", version: "3.4_DP3", }, { status: "affected", version: "3.4_DP2", }, { status: "affected", version: "3.5_DP1", }, { status: "affected", version: "3.4_DP7", }, { status: "affected", version: "3.4_DP10", }, { status: "affected", version: "3.4_DP5", }, { 
status: "affected", version: "3.1_DP15", }, { status: "affected", version: "3.4_DP11", }, { status: "affected", version: "3.4_DP8", }, { status: "affected", version: "3.7_DP1", }, { status: "affected", version: "3.3_DP4", }, { status: "affected", version: "3.10_DP1", }, { status: "affected", version: "3.8_DP1", }, { status: "affected", version: "3.7_DP2", }, { status: "affected", version: "3.6_DP1", }, { status: "affected", version: "3.1_DP16", }, { status: "affected", version: "3.5_DP4", }, { status: "affected", version: "3.3_DP3", }, { status: "affected", version: "3.2_DP2", }, { status: "affected", version: "3.4_DP4", }, { status: "affected", version: "3.1_DP14", }, { status: "affected", version: "3.1_DP6", }, { status: "affected", version: "3.1_DP9", }, { status: "affected", version: "3.4_DP6", }, { status: "affected", version: "3.2_DP3", }, { status: "affected", version: "3.4_DP9", }, { status: "affected", version: "3.3_DP2", }, { status: "affected", version: "3.2_DP1", }, { status: "affected", version: "3.1_DP10", }, { status: "affected", version: "3.9_DP1", }, { status: "affected", version: "3.3_DP1", }, { status: "affected", version: "3.1_DP13", }, { status: "affected", version: "3.5_DP2", }, { status: "affected", version: "3.1_DP12", }, { status: "affected", version: "3.1_DP4", }, { status: "affected", version: "3.5_DP3", }, { status: "affected", version: "3.1_DP8", }, { status: "affected", version: "3.1_DP7", }, { status: "affected", version: "3.2_DP4", }, { status: "affected", version: "3.1_DP11", }, { status: "affected", version: "3.1_DP5", }, { status: "affected", version: "3.7.0", }, { status: "affected", version: "3.7.1", }, { status: "affected", version: "3.7.1 Update 04", }, { status: "affected", version: "3.7.1 Update 06", }, { status: "affected", version: "3.7.1 Update 07", }, { status: "affected", version: "3.7.1 Update 03", }, { status: "affected", version: "3.7.0 Update 03", }, { status: "affected", version: "3.7.1 Update 01", }, { status: 
"affected", version: "3.7.1 Update 02", }, { status: "affected", version: "3.7.1 Update 05", }, { status: "affected", version: "3.8.0", }, { status: "affected", version: "3.8.1", }, { status: "affected", version: "3.8.1 Update 02", }, { status: "affected", version: "3.8.1 Update 04", }, { status: "affected", version: "3.8.1 Update 01", }, { status: "affected", version: "3.8.1 Update 03", }, { status: "affected", version: "3.8.0 Update 01", }, { status: "affected", version: "3.8.0 Update 02", }, { status: "affected", version: "3.9.0", }, { status: "affected", version: "3.9.1", }, { status: "affected", version: "3.9.1 Update 02", }, { status: "affected", version: "3.9.1 Update 03", }, { status: "affected", version: "3.9.1 Update 01", }, { status: "affected", version: "3.9.1 Update 04", }, { status: "affected", version: "3.9.0 Update 01", }, { status: "affected", version: "3.10.0", }, { status: "affected", version: "3.10.3", }, { status: "affected", version: "3.10.1", }, { status: "affected", version: "3.10.2", }, { status: "affected", version: "3.10 Update 01", }, { status: "affected", version: "3.10.4", }, { status: "affected", version: "3.10.4 Update 01", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. 
A successful exploit could allow the attacker to cause the application to execute arbitrary commands.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], providerMetadata: { dateUpdated: "2024-02-02T15:42:32.072Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-pi-epnm-wkZJeyeq", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], source: { advisory: "cisco-sa-pi-epnm-wkZJeyeq", defects: [ "CSCwf81859", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20258", datePublished: "2024-01-17T16:56:57.318Z", dateReserved: "2022-10-27T18:47:50.372Z", dateUpdated: "2024-08-02T09:05:36.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1306
Vulnerability from cvelistv5
Published
2021-05-22 06:40
Modified
2024-11-08 23:15
Summary
A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Identity Services Engine Software | n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.383Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210519 Cisco ADE-OS Local File Inclusion Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1306", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:43:01.868640Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T23:15:33.974Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Identity Services Engine Software", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-05-19T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. 
To exploit this vulnerability, the attacker must be an authenticated shell user.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-73", description: "CWE-73", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-22T06:40:10", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210519 Cisco ADE-OS Local File Inclusion Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ", }, ], source: { advisory: "cisco-sa-ade-xcvAQEOZ", defect: [ [ "CSCvv57166", "CSCvw47125", "CSCvw48396", ], ], discovery: "INTERNAL", }, title: "Cisco ADE-OS Local File Inclusion Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-05-19T16:00:00", ID: "CVE-2021-1306", STATE: "PUBLIC", TITLE: "Cisco ADE-OS Local File Inclusion Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Identity Services Engine Software", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine 
(ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "4.4", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-73", }, ], }, ], }, references: { reference_data: [ { name: "20210519 Cisco ADE-OS Local File Inclusion Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ", }, ], }, source: { advisory: "cisco-sa-ade-xcvAQEOZ", defect: [ [ "CSCvv57166", "CSCvw47125", "CSCvw48396", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1306", datePublished: "2021-05-22T06:40:10.801293Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-08T23:15:33.974Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6662
Vulnerability from cvelistv5
Published
2017-06-26 07:00
Modified
2024-08-05 15:33
Summary
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. Cisco Bug IDs: CSCvc23894 CSCvc49561.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1 | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1038750 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/99194 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco Prime Infrastructure and Evolved Programmable Network Manager | Cisco Prime Infrastructure and Evolved Programmable Network Manager |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:33:20.477Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1", }, { name: "1038750", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038750", }, { name: "99194", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99194", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure and Evolved Programmable Network Manager", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Prime Infrastructure and Evolved Programmable Network Manager", }, ], }, ], datePublic: "2017-06-25T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. 
Cisco Bug IDs: CSCvc23894 CSCvc49561.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-06T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1", }, { name: "1038750", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038750", }, { name: "99194", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99194", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2017-6662", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure and Evolved Programmable Network Manager", version: { version_data: [ { version_value: "Cisco Prime Infrastructure and Evolved Programmable Network Manager", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. 
Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. Cisco Bug IDs: CSCvc23894 CSCvc49561.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1", }, { name: "1038750", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038750", }, { name: "99194", refsource: "BID", url: "http://www.securityfocus.com/bid/99194", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2017-6662", datePublished: "2017-06-26T07:00:00", dateReserved: "2017-03-09T00:00:00", dateUpdated: "2024-08-05T15:33:20.477Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34784
Vulnerability from cvelistv5
Published
2021-11-04 15:40
Modified
2024-11-07 21:42
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure | n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:19:48.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20211103 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-34784", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T21:39:36.980540Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T21:42:48.980Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-11-03T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-04T15:40:12", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20211103 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j", }, ], source: { advisory: "cisco-sa-pi-epnm-xss-U2JK537j", defect: [ [ "CSCvz07282", "CSCvz09504", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-11-03T16:00:00", ID: "CVE-2021-34784", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", 
data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, ], }, exploit: [ { lang: "en", value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.", }, ], impact: { cvss: { baseScore: "5.4", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20211103 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j", }, ], }, source: { advisory: "cisco-sa-pi-epnm-xss-U2JK537j", defect: [ [ "CSCvz07282", "CSCvz09504", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-34784", datePublished: "2021-11-04T15:40:12.197627Z", dateReserved: "2021-06-15T00:00:00", dateUpdated: "2024-11-07T21:42:48.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-6443
Vulnerability from cvelistv5
Published
2016-10-27 21:00
Modified
2024-08-06 01:29
Summary
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime | x_refsource_CONFIRM
http://www.securityfocus.com/bid/93522 | vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037006 | vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Prime Infrastructure and Evolved Programmable Network Manager 3.1(0.128), 1.2(400), 2.0(1.0.34A) | Cisco Prime Infrastructure and Evolved Programmable Network Manager 3.1(0.128), 1.2(400), 2.0(1.0.34A)
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:29:20.047Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime", }, { name: "93522", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93522", }, { name: "1037006", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037006", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure and Evolved Programmable Network Manager 3.1(0.128), 1.2(400), 2.0(1.0.34A)", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Prime Infrastructure and Evolved Programmable Network Manager 3.1(0.128), 1.2(400), 2.0(1.0.34A)", }, ], }, ], datePublic: "2016-10-27T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. 
Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).", }, ], problemTypes: [ { descriptions: [ { description: "unspecified", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime", }, { name: "93522", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93522", }, { name: "1037006", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037006", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2016-6443", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure and Evolved Programmable Network Manager 3.1(0.128), 1.2(400), 2.0(1.0.34A)", version: { version_data: [ { version_value: "Cisco Prime Infrastructure and Evolved Programmable Network Manager 3.1(0.128), 1.2(400), 2.0(1.0.34A)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. 
Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "unspecified", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime", }, { name: "93522", refsource: "BID", url: "http://www.securityfocus.com/bid/93522", }, { name: "1037006", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037006", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-6443", datePublished: "2016-10-27T21:00:00", dateReserved: "2016-07-26T00:00:00", dateUpdated: "2024-08-06T01:29:20.047Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-3884
Vulnerability from cvelistv5
Published
2017-04-07 17:00
Modified
2024-08-05 14:39
Summary
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).
References
URL | Tags
---|---
http://www.securitytracker.com/id/1038189 | vdb-entry, x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi | x_refsource_CONFIRM
http://www.securityfocus.com/bid/97470 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T14:39:41.120Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038189", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038189", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi", }, { name: "97470", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97470", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager", }, ], }, ], datePublic: "2017-04-07T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). 
Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "1038189", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038189", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi", }, { name: "97470", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97470", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2017-3884", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager", version: { version_data: [ { version_value: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). 
Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "1038189", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038189", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi", }, { name: "97470", refsource: "BID", url: "http://www.securityfocus.com/bid/97470", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2017-3884", datePublished: "2017-04-07T17:00:00", dateReserved: "2016-12-21T00:00:00", dateUpdated: "2024-08-05T14:39:41.120Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1289
Vulnerability from cvelistv5
Published
2016-07-02 14:00
Modified
2024-08-05 22:48
Summary
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/91504 | vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1036195 | vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass | vendor-advisory, x_refsource_CISCO
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:48:13.661Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "91504", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91504", }, { name: "1036195", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036195", }, { name: "20160629 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-30T00:00:00", descriptions: [ { lang: "en", value: "The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-31T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "91504", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91504", }, { name: "1036195", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036195", }, { name: "20160629 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: 
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2016-1289", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "91504", refsource: "BID", url: "http://www.securityfocus.com/bid/91504", }, { name: "1036195", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036195", }, { name: "20160629 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-1289", datePublished: "2016-07-02T14:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:48:13.661Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20201
Vulnerability from cvelistv5
Published
2023-08-16 21:39
Modified
2024-08-02 09:05
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure |
Version: 2.0.0 Version: 2.0.10 Version: 2.0.39 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.56 Version: 2.2.0 Version: 2.2.1 Version: 2.2.2 Version: 2.2.3 Version: 2.2.10 Version: 2.2.8 Version: 2.2.4 Version: 2.2.7 Version: 2.2.5 Version: 2.2.9 Version: 2.2.1 Update 01 Version: 2.2.2 Update 03 Version: 2.2.2 Update 04 Version: 2.2.3 Update 02 Version: 2.2.3 Update 03 Version: 2.2.3 Update 04 Version: 2.2.3 Update 05 Version: 2.2.3 Update 06 Version: 3.0.0 Version: 3.0.1 Version: 3.0.2 Version: 3.0.3 Version: 3.0.4 Version: 3.0.6 Version: 3.0.5 Version: 3.0.7 Version: 3.1.0 Version: 3.1.1 Version: 3.1.7 Version: 3.1.5 Version: 3.1.2 Version: 3.1.3 Version: 3.1.4 Version: 3.1.6 Version: 3.2.2 Version: 3.2.0-FIPS Version: 3.2.1 Version: 3.3.0 Version: 3.3.1 Version: 3.3.0 Update 01 Version: 3.4.0 Version: 3.4.1 Version: 3.4.2 Version: 3.4.1 Update 01 Version: 3.4.1 Update 02 Version: 3.4.2 Update 01 Version: 3.5.0 Version: 3.5.1 Version: 3.5.0 Update 01 Version: 3.5.0 Update 02 Version: 3.5.0 Update 03 Version: 3.5.1 Update 01 Version: 3.5.1 Update 02 Version: 3.5.1 Update 03 Version: 3.6.0 Version: 3.6.0 Update 01 Version: 3.6.0 Update 02 Version: 3.6.0 Update 03 Version: 3.6.0 Update 04 Version: 2.1 Version: 2.2 Version: 3.2 Version: 3.4_DP1 Version: 3.4_DP3 Version: 3.4_DP2 Version: 3.5_DP1 Version: 3.4_DP7 Version: 3.4_DP10 Version: 3.4_DP5 Version: 3.1_DP15 Version: 3.4_DP11 Version: 3.4_DP8 Version: 3.7_DP1 Version: 3.3_DP4 Version: 3.10_DP1 Version: 3.8_DP1 Version: 3.7_DP2 Version: 3.6_DP1 Version: 3.1_DP16 Version: 3.5_DP4 Version: 3.3_DP3 Version: 3.2_DP2 Version: 3.4_DP4 Version: 3.1_DP14 Version: 3.1_DP6 Version: 3.1_DP9 Version: 3.4_DP6 Version: 3.2_DP3 Version: 3.4_DP9 Version: 3.3_DP2 Version: 3.2_DP1 Version: 3.1_DP10 Version: 3.9_DP1 Version: 3.3_DP1 Version: 3.1_DP13 Version: 3.5_DP2 Version: 3.1_DP12 Version: 3.1_DP4 Version: 3.5_DP3 Version: 3.1_DP8 Version: 3.1_DP7 Version: 3.2_DP4 Version: 3.1_DP11 Version: 3.1_DP5 Version: 3.7.0 
Version: 3.7.1 Version: 3.7.1 Update 04 Version: 3.7.1 Update 06 Version: 3.7.1 Update 07 Version: 3.7.1 Update 03 Version: 3.7.0 Update 03 Version: 3.7.1 Update 01 Version: 3.7.1 Update 02 Version: 3.7.1 Update 05 Version: 3.8.0 Version: 3.8.1 Version: 3.8.1 Update 02 Version: 3.8.1 Update 04 Version: 3.8.1 Update 01 Version: 3.8.1 Update 03 Version: 3.8.0 Update 01 Version: 3.8.0 Update 02 Version: 3.9.0 Version: 3.9.1 Version: 3.9.1 Update 02 Version: 3.9.1 Update 03 Version: 3.9.1 Update 01 Version: 3.9.1 Update 04 Version: 3.9.0 Update 01 Version: 3.10.0 Version: 3.10.3 Version: 3.10.1 Version: 3.10.2 Version: 3.10 Update 01 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-pi-epnm-BFjSRJP5", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.0.10", }, { status: "affected", version: "2.0.39", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.56", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.10", }, { status: "affected", version: "2.2.8", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.7", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "2.2.9", }, { status: "affected", version: "2.2.1 Update 01", }, { status: "affected", version: "2.2.2 Update 03", }, { status: "affected", version: "2.2.2 Update 04", }, { status: "affected", version: "2.2.3 Update 02", }, { status: "affected", version: "2.2.3 Update 03", }, { status: "affected", version: "2.2.3 Update 04", }, { status: "affected", version: "2.2.3 Update 05", }, { status: "affected", version: "2.2.3 Update 06", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0.4", }, { status: "affected", version: "3.0.6", }, { status: "affected", version: "3.0.5", }, { status: "affected", version: "3.0.7", }, { status: 
"affected", version: "3.1.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.7", }, { status: "affected", version: "3.1.5", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1.4", }, { status: "affected", version: "3.1.6", }, { status: "affected", version: "3.2.2", }, { status: "affected", version: "3.2.0-FIPS", }, { status: "affected", version: "3.2.1", }, { status: "affected", version: "3.3.0", }, { status: "affected", version: "3.3.1", }, { status: "affected", version: "3.3.0 Update 01", }, { status: "affected", version: "3.4.0", }, { status: "affected", version: "3.4.1", }, { status: "affected", version: "3.4.2", }, { status: "affected", version: "3.4.1 Update 01", }, { status: "affected", version: "3.4.1 Update 02", }, { status: "affected", version: "3.4.2 Update 01", }, { status: "affected", version: "3.5.0", }, { status: "affected", version: "3.5.1", }, { status: "affected", version: "3.5.0 Update 01", }, { status: "affected", version: "3.5.0 Update 02", }, { status: "affected", version: "3.5.0 Update 03", }, { status: "affected", version: "3.5.1 Update 01", }, { status: "affected", version: "3.5.1 Update 02", }, { status: "affected", version: "3.5.1 Update 03", }, { status: "affected", version: "3.6.0", }, { status: "affected", version: "3.6.0 Update 01", }, { status: "affected", version: "3.6.0 Update 02", }, { status: "affected", version: "3.6.0 Update 03", }, { status: "affected", version: "3.6.0 Update 04", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.4_DP1", }, { status: "affected", version: "3.4_DP3", }, { status: "affected", version: "3.4_DP2", }, { status: "affected", version: "3.5_DP1", }, { status: "affected", version: "3.4_DP7", }, { status: "affected", version: "3.4_DP10", }, { status: "affected", version: "3.4_DP5", }, { 
status: "affected", version: "3.1_DP15", }, { status: "affected", version: "3.4_DP11", }, { status: "affected", version: "3.4_DP8", }, { status: "affected", version: "3.7_DP1", }, { status: "affected", version: "3.3_DP4", }, { status: "affected", version: "3.10_DP1", }, { status: "affected", version: "3.8_DP1", }, { status: "affected", version: "3.7_DP2", }, { status: "affected", version: "3.6_DP1", }, { status: "affected", version: "3.1_DP16", }, { status: "affected", version: "3.5_DP4", }, { status: "affected", version: "3.3_DP3", }, { status: "affected", version: "3.2_DP2", }, { status: "affected", version: "3.4_DP4", }, { status: "affected", version: "3.1_DP14", }, { status: "affected", version: "3.1_DP6", }, { status: "affected", version: "3.1_DP9", }, { status: "affected", version: "3.4_DP6", }, { status: "affected", version: "3.2_DP3", }, { status: "affected", version: "3.4_DP9", }, { status: "affected", version: "3.3_DP2", }, { status: "affected", version: "3.2_DP1", }, { status: "affected", version: "3.1_DP10", }, { status: "affected", version: "3.9_DP1", }, { status: "affected", version: "3.3_DP1", }, { status: "affected", version: "3.1_DP13", }, { status: "affected", version: "3.5_DP2", }, { status: "affected", version: "3.1_DP12", }, { status: "affected", version: "3.1_DP4", }, { status: "affected", version: "3.5_DP3", }, { status: "affected", version: "3.1_DP8", }, { status: "affected", version: "3.1_DP7", }, { status: "affected", version: "3.2_DP4", }, { status: "affected", version: "3.1_DP11", }, { status: "affected", version: "3.1_DP5", }, { status: "affected", version: "3.7.0", }, { status: "affected", version: "3.7.1", }, { status: "affected", version: "3.7.1 Update 04", }, { status: "affected", version: "3.7.1 Update 06", }, { status: "affected", version: "3.7.1 Update 07", }, { status: "affected", version: "3.7.1 Update 03", }, { status: "affected", version: "3.7.0 Update 03", }, { status: "affected", version: "3.7.1 Update 01", }, { status: 
"affected", version: "3.7.1 Update 02", }, { status: "affected", version: "3.7.1 Update 05", }, { status: "affected", version: "3.8.0", }, { status: "affected", version: "3.8.1", }, { status: "affected", version: "3.8.1 Update 02", }, { status: "affected", version: "3.8.1 Update 04", }, { status: "affected", version: "3.8.1 Update 01", }, { status: "affected", version: "3.8.1 Update 03", }, { status: "affected", version: "3.8.0 Update 01", }, { status: "affected", version: "3.8.0 Update 02", }, { status: "affected", version: "3.9.0", }, { status: "affected", version: "3.9.1", }, { status: "affected", version: "3.9.1 Update 02", }, { status: "affected", version: "3.9.1 Update 03", }, { status: "affected", version: "3.9.1 Update 01", }, { status: "affected", version: "3.9.1 Update 04", }, { status: "affected", version: "3.9.0 Update 01", }, { status: "affected", version: "3.10.0", }, { status: "affected", version: "3.10.3", }, { status: "affected", version: "3.10.1", }, { status: "affected", version: "3.10.2", }, { status: "affected", version: "3.10 Update 01", }, ], }, { product: "Cisco Evolved Programmable Network Manager (EPNM)", vendor: "Cisco", versions: [ { status: "affected", version: "1.2.6", }, { status: "affected", version: "1.2.2", }, { status: "affected", version: "1.2.3", }, { status: "affected", version: "1.2.5", }, { status: "affected", version: "1.2.1.2", }, { status: "affected", version: "1.2.4", }, { status: "affected", version: "1.2.7", }, { status: "affected", version: "1.2", }, { status: "affected", version: "1.2.2.4", }, { status: "affected", version: "1.2.4.2", }, { status: "affected", version: "2.0.2", }, { status: "affected", version: "2.0.4", }, { status: "affected", version: "2.0.3", }, { status: "affected", version: "2.0.1", }, { status: "affected", version: "2.0", }, { status: "affected", version: "2.0.1.1", }, { status: "affected", version: "2.0.2.1", }, { status: "affected", version: "2.0.4.1", }, { status: "affected", version: 
"2.0.4.2", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.3", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.1.1.1", }, { status: "affected", version: "2.1.1.3", }, { status: "affected", version: "2.1.1.4", }, { status: "affected", version: "2.1.2.2", }, { status: "affected", version: "2.1.2.3", }, { status: "affected", version: "2.1.3.2", }, { status: "affected", version: "2.1.3.3", }, { status: "affected", version: "2.1.3.4", }, { status: "affected", version: "2.1.3.5", }, { status: "affected", version: "2.1.4", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "2.2.1.1", }, { status: "affected", version: "2.2.1.2", }, { status: "affected", version: "2.2.1.3", }, { status: "affected", version: "2.2.1.4", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1", }, { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.1", }, { status: "affected", version: "4.1.1.1", }, { status: "affected", version: "4.1.1.2", }, { status: "affected", version: "4.0.3", }, { status: "affected", version: "4.0.1", }, { status: "affected", version: "4.0.2", }, { status: "affected", version: "4.0", }, { status: "affected", version: "4.0.3.1", }, { status: "affected", version: "5.0.1", }, { status: "affected", version: "5.0.2", }, { status: "affected", version: "5.0.2.5", }, { status: "affected", version: "5.0.2.3", }, { status: "affected", version: "5.0.2.4", }, { status: "affected", 
version: "5.0.2.1", }, { status: "affected", version: "5.0.2.2", }, { status: "affected", version: "5.0", }, { status: "affected", version: "5.1.1", }, { status: "affected", version: "5.1.2", }, { status: "affected", version: "5.1.3", }, { status: "affected", version: "5.1.4", }, { status: "affected", version: "5.1.4.2", }, { status: "affected", version: "5.1.4.1", }, { status: "affected", version: "5.1.4.3", }, { status: "affected", version: "5.1", }, { status: "affected", version: "5.1.3.1", }, { status: "affected", version: "5.1.3.2", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.2.1", }, { status: "affected", version: "6.0.1.1", }, { status: "affected", version: "6.0.3", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.1.1", }, { status: "affected", version: "6.1", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:57:56.556Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-pi-epnm-BFjSRJP5", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], source: { advisory: "cisco-sa-pi-epnm-BFjSRJP5", defects: [ "CSCwf09318", "CSCwf29121", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20201", datePublished: "2023-08-16T21:39:11.419Z", dateReserved: "2022-10-27T18:47:50.366Z", dateUpdated: "2024-08-02T09:05:36.172Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1823
Vulnerability from cvelistv5
Published
2019-05-16 01:10
Modified
2024-11-20 17:18
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce | vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/108339 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | 3.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.908Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108339", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1823", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:54:22.510313Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:18:29.630Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "3.4", }, ], }, ], datePublic: "2019-05-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. 
A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T09:06:04", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108339", }, ], source: { advisory: "cisco-sa-20190515-pi-rce", defect: [ [ "CSCvo22842", "CSCvo28671", "CSCvo28680", "CSCvo62258", "CSCvo62264", "CSCvo62280", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-15T16:00:00-0700", ID: "CVE-2019-1823", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: 
"Cisco Prime Infrastructure", version: { version_data: [ { version_value: "3.4", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", refsource: "BID", url: "http://www.securityfocus.com/bid/108339", }, ], }, source: { advisory: "cisco-sa-20190515-pi-rce", defect: [ [ "CSCvo22842", "CSCvo28671", "CSCvo28680", "CSCvo62258", "CSCvo62264", "CSCvo62280", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1823", datePublished: 
"2019-05-16T01:10:27.105031Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:18:29.630Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20130
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:01
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | n/a
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:57:35.870Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", tags: [ "vendor-advisory", "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20130", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T14:35:23.838355Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T16:01:07.105Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure ", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2023-04-05T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-27", description: "CWE-27", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-05T00:00:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", tags: [ "vendor-advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], source: { advisory: "cisco-sa-pi-epnm-eRPWAXLe", defect: [ [ "CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20130", datePublished: "2023-04-05T00:00:00", dateReserved: "2022-10-27T00:00:00", dateUpdated: "2024-10-25T16:01:07.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15958
Vulnerability from cvelistv5
Published
2019-11-26 03:11
Modified
2024-11-20 17:04
Summary
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex | vendor-advisory, x_refsource_CISCO
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | unspecified < n/a
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:03:32.463Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20191106 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-15958", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:50:40.643690Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:04:51.777Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { lessThan: "n/a", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-11-06T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. 
See the Details section for more information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-26T03:11:36", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20191106 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex", }, ], source: { advisory: "cisco-sa-20191106-pi-epn-codex", defect: [ [ "CSCvp79419", "CSCvp79611", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-11-06T16:00:00-0800", ID: "CVE-2019-15958", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { 
lang: "eng", value: "A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.1", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20191106 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex", }, ], }, source: { advisory: "cisco-sa-20191106-pi-epn-codex", defect: [ [ "CSCvp79419", "CSCvp79611", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-15958", datePublished: "2019-11-26T03:11:37.063933Z", dateReserved: "2019-09-06T00:00:00", dateUpdated: "2024-11-20T17:04:51.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1818
Vulnerability from cvelistv5
Published
2019-05-16 01:10
Modified
2024-11-21 19:24
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818 | vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/108352 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | 3.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.877Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818", }, { name: "108352", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108352", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1818", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T18:58:26.457379Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T19:24:42.824Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "3.4", }, ], }, ], datePublic: "2019-05-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. 
A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-17T10:06:03", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818", }, { name: "108352", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108352", }, ], source: { advisory: "cisco-sa-20190515-pi-pathtrav-1818", defect: [ [ "CSCvo28666", "CSCvo62256", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-15T16:00:00-0700", ID: "CVE-2019-1818", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", version: { version_data: [ { version_value: "3.4", 
}, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "6.5", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818", }, { name: "108352", refsource: "BID", url: "http://www.securityfocus.com/bid/108352", }, ], }, source: { advisory: "cisco-sa-20190515-pi-pathtrav-1818", defect: [ [ "CSCvo28666", "CSCvo62256", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1818", datePublished: "2019-05-16T01:10:58.191024Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: 
"2024-11-21T19:24:42.824Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1819
Vulnerability from cvelistv5
Published
2019-05-16 01:10
Modified
2024-11-21 19:24
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819 | vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/108351 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | 3.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.873Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819", }, { name: "108351", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108351", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1819", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T18:58:28.000231Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T19:24:55.928Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "3.4", }, ], }, ], datePublic: "2019-05-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. 
A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-17T10:06:03", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819", }, { name: "108351", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108351", }, ], source: { advisory: "cisco-sa-20190515-pi-pathtrav-1819", defect: [ [ "CSCvo28677", "CSCvo62260", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-15T16:00:00-0700", ID: "CVE-2019-1819", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", version: { version_data: [ { version_value: "3.4", 
}, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "6.5", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819", }, { name: "108351", refsource: "BID", url: "http://www.securityfocus.com/bid/108351", }, ], }, source: { advisory: "cisco-sa-20190515-pi-pathtrav-1819", defect: [ [ "CSCvo28677", "CSCvo62260", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1819", datePublished: "2019-05-16T01:10:52.270340Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: 
"2024-11-21T19:24:55.928Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1406
Vulnerability from cvelistv5
Published
2016-05-25 01:00
Modified
2024-08-05 22:55
Summary
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.
References
URL | Tags
---|---
http://www.securitytracker.com/id/1035948 | vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm | vendor-advisory, x_refsource_CISCO
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:55:14.285Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1035948", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035948", }, { name: "20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-23T00:00:00", descriptions: [ { lang: "en", value: "The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-29T16:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "1035948", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035948", }, { name: "20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2016-1406", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", 
version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1035948", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035948", }, { name: "20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-1406", datePublished: "2016-05-25T01:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:55:14.285Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20257
Vulnerability from cvelistv5
Published
2024-01-17 16:55
Modified
2024-08-02 09:05
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would be stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure |
Version: 2.0.0 Version: 2.0.10 Version: 2.0.39 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.56 Version: 2.2.0 Version: 2.2.1 Version: 2.2.2 Version: 2.2.3 Version: 2.2.10 Version: 2.2.8 Version: 2.2.4 Version: 2.2.7 Version: 2.2.5 Version: 2.2.9 Version: 2.2.1 Update 01 Version: 2.2.2 Update 03 Version: 2.2.2 Update 04 Version: 2.2.3 Update 02 Version: 2.2.3 Update 03 Version: 2.2.3 Update 04 Version: 2.2.3 Update 05 Version: 2.2.3 Update 06 Version: 3.0.0 Version: 3.0.1 Version: 3.0.2 Version: 3.0.3 Version: 3.0.4 Version: 3.0.6 Version: 3.0.5 Version: 3.0.7 Version: 3.1.0 Version: 3.1.1 Version: 3.1.7 Version: 3.1.5 Version: 3.1.2 Version: 3.1.3 Version: 3.1.4 Version: 3.1.6 Version: 3.2.2 Version: 3.2.0-FIPS Version: 3.2.1 Version: 3.3.0 Version: 3.3.1 Version: 3.3.0 Update 01 Version: 3.4.0 Version: 3.4.1 Version: 3.4.2 Version: 3.4.1 Update 01 Version: 3.4.1 Update 02 Version: 3.4.2 Update 01 Version: 3.5.0 Version: 3.5.1 Version: 3.5.0 Update 01 Version: 3.5.0 Update 02 Version: 3.5.0 Update 03 Version: 3.5.1 Update 01 Version: 3.5.1 Update 02 Version: 3.5.1 Update 03 Version: 3.6.0 Version: 3.6.0 Update 01 Version: 3.6.0 Update 02 Version: 3.6.0 Update 03 Version: 3.6.0 Update 04 Version: 2.1 Version: 2.2 Version: 3.2 Version: 3.4_DP1 Version: 3.4_DP3 Version: 3.4_DP2 Version: 3.5_DP1 Version: 3.4_DP7 Version: 3.4_DP10 Version: 3.4_DP5 Version: 3.1_DP15 Version: 3.4_DP11 Version: 3.4_DP8 Version: 3.7_DP1 Version: 3.3_DP4 Version: 3.10_DP1 Version: 3.8_DP1 Version: 3.7_DP2 Version: 3.6_DP1 Version: 3.1_DP16 Version: 3.5_DP4 Version: 3.3_DP3 Version: 3.2_DP2 Version: 3.4_DP4 Version: 3.1_DP14 Version: 3.1_DP6 Version: 3.1_DP9 Version: 3.4_DP6 Version: 3.2_DP3 Version: 3.4_DP9 Version: 3.3_DP2 Version: 3.2_DP1 Version: 3.1_DP10 Version: 3.9_DP1 Version: 3.3_DP1 Version: 3.1_DP13 Version: 3.5_DP2 Version: 3.1_DP12 Version: 3.1_DP4 Version: 3.5_DP3 Version: 3.1_DP8 Version: 3.1_DP7 Version: 3.2_DP4 Version: 3.1_DP11 Version: 3.1_DP5 Version: 3.7.0 
Version: 3.7.1 Version: 3.7.1 Update 04 Version: 3.7.1 Update 06 Version: 3.7.1 Update 07 Version: 3.7.1 Update 03 Version: 3.7.0 Update 03 Version: 3.7.1 Update 01 Version: 3.7.1 Update 02 Version: 3.7.1 Update 05 Version: 3.8.0 Version: 3.8.1 Version: 3.8.1 Update 02 Version: 3.8.1 Update 04 Version: 3.8.1 Update 01 Version: 3.8.1 Update 03 Version: 3.8.0 Update 01 Version: 3.8.0 Update 02 Version: 3.9.0 Version: 3.9.1 Version: 3.9.1 Update 02 Version: 3.9.1 Update 03 Version: 3.9.1 Update 01 Version: 3.9.1 Update 04 Version: 3.9.0 Update 01 Version: 3.10.0 Version: 3.10.3 Version: 3.10.1 Version: 3.10.2 Version: 3.10 Update 01 Version: 3.10.4 Version: 3.10.4 Update 01 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.693Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-pi-epnm-wkZJeyeq", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.0.10", }, { status: "affected", version: "2.0.39", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.56", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.10", }, { status: "affected", version: "2.2.8", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.7", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "2.2.9", }, { status: "affected", version: "2.2.1 Update 01", }, { status: "affected", version: "2.2.2 Update 03", }, { status: "affected", version: "2.2.2 Update 04", }, { status: "affected", version: "2.2.3 Update 02", }, { status: "affected", version: "2.2.3 Update 03", }, { status: "affected", version: "2.2.3 Update 04", }, { status: "affected", version: "2.2.3 Update 05", }, { status: "affected", version: "2.2.3 Update 06", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0.4", }, { status: "affected", version: "3.0.6", }, { status: "affected", version: "3.0.5", }, { status: "affected", version: "3.0.7", }, { status: 
"affected", version: "3.1.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.7", }, { status: "affected", version: "3.1.5", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1.4", }, { status: "affected", version: "3.1.6", }, { status: "affected", version: "3.2.2", }, { status: "affected", version: "3.2.0-FIPS", }, { status: "affected", version: "3.2.1", }, { status: "affected", version: "3.3.0", }, { status: "affected", version: "3.3.1", }, { status: "affected", version: "3.3.0 Update 01", }, { status: "affected", version: "3.4.0", }, { status: "affected", version: "3.4.1", }, { status: "affected", version: "3.4.2", }, { status: "affected", version: "3.4.1 Update 01", }, { status: "affected", version: "3.4.1 Update 02", }, { status: "affected", version: "3.4.2 Update 01", }, { status: "affected", version: "3.5.0", }, { status: "affected", version: "3.5.1", }, { status: "affected", version: "3.5.0 Update 01", }, { status: "affected", version: "3.5.0 Update 02", }, { status: "affected", version: "3.5.0 Update 03", }, { status: "affected", version: "3.5.1 Update 01", }, { status: "affected", version: "3.5.1 Update 02", }, { status: "affected", version: "3.5.1 Update 03", }, { status: "affected", version: "3.6.0", }, { status: "affected", version: "3.6.0 Update 01", }, { status: "affected", version: "3.6.0 Update 02", }, { status: "affected", version: "3.6.0 Update 03", }, { status: "affected", version: "3.6.0 Update 04", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.4_DP1", }, { status: "affected", version: "3.4_DP3", }, { status: "affected", version: "3.4_DP2", }, { status: "affected", version: "3.5_DP1", }, { status: "affected", version: "3.4_DP7", }, { status: "affected", version: "3.4_DP10", }, { status: "affected", version: "3.4_DP5", }, { 
status: "affected", version: "3.1_DP15", }, { status: "affected", version: "3.4_DP11", }, { status: "affected", version: "3.4_DP8", }, { status: "affected", version: "3.7_DP1", }, { status: "affected", version: "3.3_DP4", }, { status: "affected", version: "3.10_DP1", }, { status: "affected", version: "3.8_DP1", }, { status: "affected", version: "3.7_DP2", }, { status: "affected", version: "3.6_DP1", }, { status: "affected", version: "3.1_DP16", }, { status: "affected", version: "3.5_DP4", }, { status: "affected", version: "3.3_DP3", }, { status: "affected", version: "3.2_DP2", }, { status: "affected", version: "3.4_DP4", }, { status: "affected", version: "3.1_DP14", }, { status: "affected", version: "3.1_DP6", }, { status: "affected", version: "3.1_DP9", }, { status: "affected", version: "3.4_DP6", }, { status: "affected", version: "3.2_DP3", }, { status: "affected", version: "3.4_DP9", }, { status: "affected", version: "3.3_DP2", }, { status: "affected", version: "3.2_DP1", }, { status: "affected", version: "3.1_DP10", }, { status: "affected", version: "3.9_DP1", }, { status: "affected", version: "3.3_DP1", }, { status: "affected", version: "3.1_DP13", }, { status: "affected", version: "3.5_DP2", }, { status: "affected", version: "3.1_DP12", }, { status: "affected", version: "3.1_DP4", }, { status: "affected", version: "3.5_DP3", }, { status: "affected", version: "3.1_DP8", }, { status: "affected", version: "3.1_DP7", }, { status: "affected", version: "3.2_DP4", }, { status: "affected", version: "3.1_DP11", }, { status: "affected", version: "3.1_DP5", }, { status: "affected", version: "3.7.0", }, { status: "affected", version: "3.7.1", }, { status: "affected", version: "3.7.1 Update 04", }, { status: "affected", version: "3.7.1 Update 06", }, { status: "affected", version: "3.7.1 Update 07", }, { status: "affected", version: "3.7.1 Update 03", }, { status: "affected", version: "3.7.0 Update 03", }, { status: "affected", version: "3.7.1 Update 01", }, { status: 
"affected", version: "3.7.1 Update 02", }, { status: "affected", version: "3.7.1 Update 05", }, { status: "affected", version: "3.8.0", }, { status: "affected", version: "3.8.1", }, { status: "affected", version: "3.8.1 Update 02", }, { status: "affected", version: "3.8.1 Update 04", }, { status: "affected", version: "3.8.1 Update 01", }, { status: "affected", version: "3.8.1 Update 03", }, { status: "affected", version: "3.8.0 Update 01", }, { status: "affected", version: "3.8.0 Update 02", }, { status: "affected", version: "3.9.0", }, { status: "affected", version: "3.9.1", }, { status: "affected", version: "3.9.1 Update 02", }, { status: "affected", version: "3.9.1 Update 03", }, { status: "affected", version: "3.9.1 Update 01", }, { status: "affected", version: "3.9.1 Update 04", }, { status: "affected", version: "3.9.0 Update 01", }, { status: "affected", version: "3.10.0", }, { status: "affected", version: "3.10.3", }, { status: "affected", version: "3.10.1", }, { status: "affected", version: "3.10.2", }, { status: "affected", version: "3.10 Update 01", }, { status: "affected", version: "3.10.4", }, { status: "affected", version: "3.10.4 Update 01", }, ], }, { product: "Cisco Evolved Programmable Network Manager (EPNM)", vendor: "Cisco", versions: [ { status: "affected", version: "1.2.6", }, { status: "affected", version: "1.2.2", }, { status: "affected", version: "1.2.3", }, { status: "affected", version: "1.2.5", }, { status: "affected", version: "1.2.1.2", }, { status: "affected", version: "1.2.4", }, { status: "affected", version: "1.2.7", }, { status: "affected", version: "1.2", }, { status: "affected", version: "1.2.2.4", }, { status: "affected", version: "1.2.4.2", }, { status: "affected", version: "2.0.2", }, { status: "affected", version: "2.0.4", }, { status: "affected", version: "2.0.3", }, { status: "affected", version: "2.0.1", }, { status: "affected", version: "2.0", }, { status: "affected", version: "2.0.1.1", }, { status: "affected", version: 
"2.0.2.1", }, { status: "affected", version: "2.0.4.1", }, { status: "affected", version: "2.0.4.2", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.3", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.1.1.1", }, { status: "affected", version: "2.1.1.3", }, { status: "affected", version: "2.1.1.4", }, { status: "affected", version: "2.1.2.2", }, { status: "affected", version: "2.1.2.3", }, { status: "affected", version: "2.1.3.2", }, { status: "affected", version: "2.1.3.3", }, { status: "affected", version: "2.1.3.4", }, { status: "affected", version: "2.1.3.5", }, { status: "affected", version: "2.1.4", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "2.2.1.1", }, { status: "affected", version: "2.2.1.2", }, { status: "affected", version: "2.2.1.3", }, { status: "affected", version: "2.2.1.4", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1", }, { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.1", }, { status: "affected", version: "4.1.1.1", }, { status: "affected", version: "4.1.1.2", }, { status: "affected", version: "4.0.3", }, { status: "affected", version: "4.0.1", }, { status: "affected", version: "4.0.2", }, { status: "affected", version: "4.0", }, { status: "affected", version: "4.0.3.1", }, { status: "affected", version: "5.0.1", }, { status: "affected", version: "5.0.2", }, { status: "affected", version: "5.0.2.5", }, { status: "affected", 
version: "5.0.2.3", }, { status: "affected", version: "5.0.2.4", }, { status: "affected", version: "5.0.2.1", }, { status: "affected", version: "5.0.2.2", }, { status: "affected", version: "5.0", }, { status: "affected", version: "5.0.2.6", }, { status: "affected", version: "5.1.1", }, { status: "affected", version: "5.1.2", }, { status: "affected", version: "5.1.3", }, { status: "affected", version: "5.1.4", }, { status: "affected", version: "5.1.4.2", }, { status: "affected", version: "5.1.4.1", }, { status: "affected", version: "5.1.4.3", }, { status: "affected", version: "5.1", }, { status: "affected", version: "5.1.3.1", }, { status: "affected", version: "5.1.3.2", }, { status: "affected", version: "5.1.4.4", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.2.1", }, { status: "affected", version: "6.0.1.1", }, { status: "affected", version: "6.0.3", }, { status: "affected", version: "6.0.3.1", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.1.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.1.2", }, { status: "affected", version: "6.1.1.2.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. 
A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-80", description: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T15:42:31.456Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-pi-epnm-wkZJeyeq", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], source: { advisory: "cisco-sa-pi-epnm-wkZJeyeq", defects: [ "CSCwf81870", "CSCwf83565", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20257", datePublished: "2024-01-17T16:55:42.034Z", dateReserved: "2022-10-27T18:47:50.372Z", dateUpdated: "2024-08-02T09:05:36.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1822
Vulnerability from cvelistv5
Published
2019-05-16 01:10
Modified
2024-11-20 17:18
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce | vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/108339 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | Version: 3.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.869Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108339", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1822", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:54:21.421961Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:18:21.036Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "3.4", }, ], }, ], datePublic: "2019-05-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. 
A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T09:06:04", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108339", }, ], source: { advisory: "cisco-sa-20190515-pi-rce", defect: [ [ "CSCvo22842", "CSCvo28671", "CSCvo28680", "CSCvo62258", "CSCvo62264", "CSCvo62280", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-15T16:00:00-0700", ID: "CVE-2019-1822", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: 
"Cisco Prime Infrastructure", version: { version_data: [ { version_value: "3.4", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", refsource: "BID", url: "http://www.securityfocus.com/bid/108339", }, ], }, source: { advisory: "cisco-sa-20190515-pi-rce", defect: [ [ "CSCvo22842", "CSCvo28671", "CSCvo28680", "CSCvo62258", "CSCvo62264", "CSCvo62280", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1822", datePublished: 
"2019-05-16T01:10:33.723285Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:18:21.036Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1487
Vulnerability from cvelistv5
Published
2021-05-22 06:45
Modified
2024-11-08 21:14
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3 | vendor-advisory, x_refsource_CISCO
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Prime Infrastructure | Version: n/a
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:11:17.385Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210519 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1487", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:16:47.434952Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T21:14:45.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-05-19T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. 
The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-22T06:45:30", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210519 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3", }, ], source: { advisory: "cisco-sa-pi-epnm-cmd-inj-YU5e6tB3", defect: [ [ "CSCvw07763", "CSCvw67903", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-05-19T16:00:00", ID: "CVE-2021-1487", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: 
"Cisco Prime Infrastructure", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20210519 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability", refsource: "CISCO", url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3", }, ], }, source: { advisory: "cisco-sa-pi-epnm-cmd-inj-YU5e6tB3", defect: [ [ "CSCvw07763", "CSCvw67903", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1487", datePublished: "2021-05-22T06:45:30.298929Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-08T21:14:45.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20203
Vulnerability from cvelistv5
Published
2023-08-16 21:38
Modified
2024-08-02 09:05
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: 2.0.0 Version: 2.0.10 Version: 2.0.39 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.56 Version: 2.2.0 Version: 2.2.1 Version: 2.2.2 Version: 2.2.3 Version: 2.2.10 Version: 2.2.8 Version: 2.2.4 Version: 2.2.7 Version: 2.2.5 Version: 2.2.9 Version: 2.2.1 Update 01 Version: 2.2.2 Update 03 Version: 2.2.2 Update 04 Version: 2.2.3 Update 02 Version: 2.2.3 Update 03 Version: 2.2.3 Update 04 Version: 2.2.3 Update 05 Version: 2.2.3 Update 06 Version: 3.0.0 Version: 3.0.1 Version: 3.0.2 Version: 3.0.3 Version: 3.0.4 Version: 3.0.6 Version: 3.0.5 Version: 3.0.7 Version: 3.1.0 Version: 3.1.1 Version: 3.1.7 Version: 3.1.5 Version: 3.1.2 Version: 3.1.3 Version: 3.1.4 Version: 3.1.6 Version: 3.2.2 Version: 3.2.0-FIPS Version: 3.2.1 Version: 3.3.0 Version: 3.3.1 Version: 3.3.0 Update 01 Version: 3.4.0 Version: 3.4.1 Version: 3.4.2 Version: 3.4.1 Update 01 Version: 3.4.1 Update 02 Version: 3.4.2 Update 01 Version: 3.5.0 Version: 3.5.1 Version: 3.5.0 Update 01 Version: 3.5.0 Update 02 Version: 3.5.0 Update 03 Version: 3.5.1 Update 01 Version: 3.5.1 Update 02 Version: 3.5.1 Update 03 Version: 3.6.0 Version: 3.6.0 Update 01 Version: 3.6.0 Update 02 Version: 3.6.0 Update 03 Version: 3.6.0 Update 04 Version: 2.1 Version: 2.2 Version: 3.2 Version: 3.4_DP1 Version: 3.4_DP3 Version: 3.4_DP2 Version: 3.5_DP1 Version: 3.4_DP7 Version: 3.4_DP10 Version: 3.4_DP5 Version: 3.1_DP15 Version: 3.4_DP11 Version: 3.4_DP8 Version: 3.7_DP1 Version: 3.3_DP4 Version: 3.10_DP1 Version: 3.8_DP1 Version: 3.7_DP2 Version: 3.6_DP1 Version: 3.1_DP16 Version: 3.5_DP4 Version: 3.3_DP3 Version: 3.2_DP2 Version: 3.4_DP4 Version: 3.1_DP14 Version: 3.1_DP6 Version: 3.1_DP9 Version: 3.4_DP6 Version: 3.2_DP3 Version: 3.4_DP9 Version: 3.3_DP2 Version: 3.2_DP1 Version: 3.1_DP10 Version: 3.9_DP1 Version: 3.3_DP1 Version: 3.1_DP13 Version: 3.5_DP2 Version: 3.1_DP12 Version: 3.1_DP4 Version: 3.5_DP3 Version: 3.1_DP8 Version: 3.1_DP7 Version: 3.2_DP4 Version: 3.1_DP11 Version: 3.1_DP5 Version: 3.7.0 
Version: 3.7.1 Version: 3.7.1 Update 04 Version: 3.7.1 Update 06 Version: 3.7.1 Update 07 Version: 3.7.1 Update 03 Version: 3.7.0 Update 03 Version: 3.7.1 Update 01 Version: 3.7.1 Update 02 Version: 3.7.1 Update 05 Version: 3.8.0 Version: 3.8.1 Version: 3.8.1 Update 02 Version: 3.8.1 Update 04 Version: 3.8.1 Update 01 Version: 3.8.1 Update 03 Version: 3.8.0 Update 01 Version: 3.8.0 Update 02 Version: 3.9.0 Version: 3.9.1 Version: 3.9.1 Update 02 Version: 3.9.1 Update 03 Version: 3.9.1 Update 01 Version: 3.9.1 Update 04 Version: 3.9.0 Update 01 Version: 3.10.0 Version: 3.10.3 Version: 3.10.1 Version: 3.10.2 Version: 3.10 Update 01 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:35.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-pi-epnm-BFjSRJP5", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.0.10", }, { status: "affected", version: "2.0.39", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.56", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.10", }, { status: "affected", version: "2.2.8", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.7", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "2.2.9", }, { status: "affected", version: "2.2.1 Update 01", }, { status: "affected", version: "2.2.2 Update 03", }, { status: "affected", version: "2.2.2 Update 04", }, { status: "affected", version: "2.2.3 Update 02", }, { status: "affected", version: "2.2.3 Update 03", }, { status: "affected", version: "2.2.3 Update 04", }, { status: "affected", version: "2.2.3 Update 05", }, { status: "affected", version: "2.2.3 Update 06", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0.4", }, { status: "affected", version: "3.0.6", }, { status: "affected", version: "3.0.5", }, { status: "affected", version: "3.0.7", }, { status: 
"affected", version: "3.1.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.7", }, { status: "affected", version: "3.1.5", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1.4", }, { status: "affected", version: "3.1.6", }, { status: "affected", version: "3.2.2", }, { status: "affected", version: "3.2.0-FIPS", }, { status: "affected", version: "3.2.1", }, { status: "affected", version: "3.3.0", }, { status: "affected", version: "3.3.1", }, { status: "affected", version: "3.3.0 Update 01", }, { status: "affected", version: "3.4.0", }, { status: "affected", version: "3.4.1", }, { status: "affected", version: "3.4.2", }, { status: "affected", version: "3.4.1 Update 01", }, { status: "affected", version: "3.4.1 Update 02", }, { status: "affected", version: "3.4.2 Update 01", }, { status: "affected", version: "3.5.0", }, { status: "affected", version: "3.5.1", }, { status: "affected", version: "3.5.0 Update 01", }, { status: "affected", version: "3.5.0 Update 02", }, { status: "affected", version: "3.5.0 Update 03", }, { status: "affected", version: "3.5.1 Update 01", }, { status: "affected", version: "3.5.1 Update 02", }, { status: "affected", version: "3.5.1 Update 03", }, { status: "affected", version: "3.6.0", }, { status: "affected", version: "3.6.0 Update 01", }, { status: "affected", version: "3.6.0 Update 02", }, { status: "affected", version: "3.6.0 Update 03", }, { status: "affected", version: "3.6.0 Update 04", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.4_DP1", }, { status: "affected", version: "3.4_DP3", }, { status: "affected", version: "3.4_DP2", }, { status: "affected", version: "3.5_DP1", }, { status: "affected", version: "3.4_DP7", }, { status: "affected", version: "3.4_DP10", }, { status: "affected", version: "3.4_DP5", }, { 
status: "affected", version: "3.1_DP15", }, { status: "affected", version: "3.4_DP11", }, { status: "affected", version: "3.4_DP8", }, { status: "affected", version: "3.7_DP1", }, { status: "affected", version: "3.3_DP4", }, { status: "affected", version: "3.10_DP1", }, { status: "affected", version: "3.8_DP1", }, { status: "affected", version: "3.7_DP2", }, { status: "affected", version: "3.6_DP1", }, { status: "affected", version: "3.1_DP16", }, { status: "affected", version: "3.5_DP4", }, { status: "affected", version: "3.3_DP3", }, { status: "affected", version: "3.2_DP2", }, { status: "affected", version: "3.4_DP4", }, { status: "affected", version: "3.1_DP14", }, { status: "affected", version: "3.1_DP6", }, { status: "affected", version: "3.1_DP9", }, { status: "affected", version: "3.4_DP6", }, { status: "affected", version: "3.2_DP3", }, { status: "affected", version: "3.4_DP9", }, { status: "affected", version: "3.3_DP2", }, { status: "affected", version: "3.2_DP1", }, { status: "affected", version: "3.1_DP10", }, { status: "affected", version: "3.9_DP1", }, { status: "affected", version: "3.3_DP1", }, { status: "affected", version: "3.1_DP13", }, { status: "affected", version: "3.5_DP2", }, { status: "affected", version: "3.1_DP12", }, { status: "affected", version: "3.1_DP4", }, { status: "affected", version: "3.5_DP3", }, { status: "affected", version: "3.1_DP8", }, { status: "affected", version: "3.1_DP7", }, { status: "affected", version: "3.2_DP4", }, { status: "affected", version: "3.1_DP11", }, { status: "affected", version: "3.1_DP5", }, { status: "affected", version: "3.7.0", }, { status: "affected", version: "3.7.1", }, { status: "affected", version: "3.7.1 Update 04", }, { status: "affected", version: "3.7.1 Update 06", }, { status: "affected", version: "3.7.1 Update 07", }, { status: "affected", version: "3.7.1 Update 03", }, { status: "affected", version: "3.7.0 Update 03", }, { status: "affected", version: "3.7.1 Update 01", }, { status: 
"affected", version: "3.7.1 Update 02", }, { status: "affected", version: "3.7.1 Update 05", }, { status: "affected", version: "3.8.0", }, { status: "affected", version: "3.8.1", }, { status: "affected", version: "3.8.1 Update 02", }, { status: "affected", version: "3.8.1 Update 04", }, { status: "affected", version: "3.8.1 Update 01", }, { status: "affected", version: "3.8.1 Update 03", }, { status: "affected", version: "3.8.0 Update 01", }, { status: "affected", version: "3.8.0 Update 02", }, { status: "affected", version: "3.9.0", }, { status: "affected", version: "3.9.1", }, { status: "affected", version: "3.9.1 Update 02", }, { status: "affected", version: "3.9.1 Update 03", }, { status: "affected", version: "3.9.1 Update 01", }, { status: "affected", version: "3.9.1 Update 04", }, { status: "affected", version: "3.9.0 Update 01", }, { status: "affected", version: "3.10.0", }, { status: "affected", version: "3.10.3", }, { status: "affected", version: "3.10.1", }, { status: "affected", version: "3.10.2", }, { status: "affected", version: "3.10 Update 01", }, ], }, { product: "Cisco Evolved Programmable Network Manager (EPNM)", vendor: "Cisco", versions: [ { status: "affected", version: "1.2.6", }, { status: "affected", version: "1.2.2", }, { status: "affected", version: "1.2.3", }, { status: "affected", version: "1.2.5", }, { status: "affected", version: "1.2.1.2", }, { status: "affected", version: "1.2.4", }, { status: "affected", version: "1.2.7", }, { status: "affected", version: "1.2", }, { status: "affected", version: "1.2.2.4", }, { status: "affected", version: "1.2.4.2", }, { status: "affected", version: "2.0.2", }, { status: "affected", version: "2.0.4", }, { status: "affected", version: "2.0.3", }, { status: "affected", version: "2.0.1", }, { status: "affected", version: "2.0", }, { status: "affected", version: "2.0.1.1", }, { status: "affected", version: "2.0.2.1", }, { status: "affected", version: "2.0.4.1", }, { status: "affected", version: 
"2.0.4.2", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.3", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.1.1.1", }, { status: "affected", version: "2.1.1.3", }, { status: "affected", version: "2.1.1.4", }, { status: "affected", version: "2.1.2.2", }, { status: "affected", version: "2.1.2.3", }, { status: "affected", version: "2.1.3.2", }, { status: "affected", version: "2.1.3.3", }, { status: "affected", version: "2.1.3.4", }, { status: "affected", version: "2.1.3.5", }, { status: "affected", version: "2.1.4", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "2.2.1.1", }, { status: "affected", version: "2.2.1.2", }, { status: "affected", version: "2.2.1.3", }, { status: "affected", version: "2.2.1.4", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1", }, { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.1", }, { status: "affected", version: "4.1.1.1", }, { status: "affected", version: "4.1.1.2", }, { status: "affected", version: "4.0.3", }, { status: "affected", version: "4.0.1", }, { status: "affected", version: "4.0.2", }, { status: "affected", version: "4.0", }, { status: "affected", version: "4.0.3.1", }, { status: "affected", version: "5.0.1", }, { status: "affected", version: "5.0.2", }, { status: "affected", version: "5.0.2.5", }, { status: "affected", version: "5.0.2.3", }, { status: "affected", version: "5.0.2.4", }, { status: "affected", 
version: "5.0.2.1", }, { status: "affected", version: "5.0.2.2", }, { status: "affected", version: "5.0", }, { status: "affected", version: "5.1.1", }, { status: "affected", version: "5.1.2", }, { status: "affected", version: "5.1.3", }, { status: "affected", version: "5.1.4", }, { status: "affected", version: "5.1.4.2", }, { status: "affected", version: "5.1.4.1", }, { status: "affected", version: "5.1.4.3", }, { status: "affected", version: "5.1", }, { status: "affected", version: "5.1.3.1", }, { status: "affected", version: "5.1.3.2", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.2.1", }, { status: "affected", version: "6.0.1.1", }, { status: "affected", version: "6.0.3", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.1.1", }, { status: "affected", version: "6.1", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:57:57.205Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-pi-epnm-BFjSRJP5", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], source: { advisory: "cisco-sa-pi-epnm-BFjSRJP5", defects: [ "CSCwf29121", "CSCwe77480", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20203", datePublished: "2023-08-16T21:38:58.626Z", dateReserved: "2022-10-27T18:47:50.367Z", dateUpdated: "2024-08-02T09:05:35.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1408
Vulnerability from cvelistv5
Published
2016-07-02 14:00
Modified
2024-08-05 22:55
Summary
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.
References
URL | Tags |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm | vendor-advisory, x_refsource_CISCO |
http://www.securitytracker.com/id/1036197 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/91506 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:55:14.365Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20160629 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm", }, { name: "1036197", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036197", }, { name: "91506", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91506", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-29T00:00:00", descriptions: [ { lang: "en", value: "Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-31T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20160629 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm", }, { name: "1036197", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036197", }, { name: "91506", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91506", }, ], x_legacyV4Record: { 
CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2016-1408", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20160629 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm", }, { name: "1036197", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036197", }, { name: "91506", refsource: "BID", url: "http://www.securityfocus.com/bid/91506", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-1408", datePublished: "2016-07-02T14:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:55:14.365Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1820
Vulnerability from cvelistv5
Published
2019-05-16 01:10
Modified
2024-11-21 19:25
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820 | vendor-advisory, x_refsource_CISCO |
http://www.securityfocus.com/bid/108345 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure | 3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820", }, { name: "108345", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108345", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1820", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T18:58:29.873735Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T19:25:24.142Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "3.4", }, ], }, ], datePublic: "2019-05-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. 
A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T14:06:08", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820", }, { name: "108345", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108345", }, ], source: { advisory: "cisco-sa-20190515-pi-pathtrav-1820", defect: [ [ "CSCvo28684", "CSCvo62276", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-15T16:00:00-0700", ID: "CVE-2019-1820", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", version: { version_data: [ { version_value: "3.4", 
}, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "6.5", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820", }, { name: "108345", refsource: "BID", url: "http://www.securityfocus.com/bid/108345", }, ], }, source: { advisory: "cisco-sa-20190515-pi-pathtrav-1820", defect: [ [ "CSCvo28684", "CSCvo62276", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1820", datePublished: "2019-05-16T01:10:45.832770Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: 
"2024-11-21T19:25:24.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1824
Vulnerability from cvelistv5
Published
2019-05-16 01:10
Modified
2024-11-20 17:18
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject | vendor-advisory, x_refsource_CISCO |
http://www.securityfocus.com/bid/108337 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure | 3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.884Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, { name: "108337", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108337", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1824", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:54:23.615747Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:18:38.355Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "3.4", }, ], }, ], datePublic: "2019-05-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. 
A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T09:06:04", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, { name: "108337", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108337", }, ], source: { advisory: "cisco-sa-20190515-pi-sqlinject", defect: [ [ "CSCvo23576", "CSCvo28734", "CSCvo62268", "CSCvo62275", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-15T16:00:00-0700", ID: "CVE-2019-1824", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", 
version: { version_data: [ { version_value: "3.4", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "8.1", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-89", }, ], }, ], }, references: { reference_data: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject", }, { name: "108337", refsource: "BID", url: "http://www.securityfocus.com/bid/108337", }, ], }, source: { advisory: "cisco-sa-20190515-pi-sqlinject", defect: [ [ "CSCvo23576", "CSCvo28734", "CSCvo62268", "CSCvo62275", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1824", datePublished: "2019-05-16T01:10:20.144422Z", dateReserved: 
"2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:18:38.355Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6699
Vulnerability from cvelistv5
Published
2017-07-04 00:00
Modified
2024-08-05 15:41
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038751 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/99221 | vdb-entry, x_refsource_BID |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco Prime Infrastructure and Evolved Programmable Network Manager | Cisco Prime Infrastructure and Evolved Programmable Network Manager |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:41:17.110Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038751", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038751", }, { name: "99221", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99221", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure and Evolved Programmable Network Manager", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Prime Infrastructure and Evolved Programmable Network Manager", }, ], }, ], datePublic: "2017-07-03T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. 
Known Affected Releases: 3.1(1) 2.0(4.0.45B).", }, ], problemTypes: [ { descriptions: [ { description: "Reflected Cross-Site Scripting Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-06T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "1038751", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038751", }, { name: "99221", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99221", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2017-6699", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure and Evolved Programmable Network Manager", version: { version_data: [ { version_value: "Cisco Prime Infrastructure and Evolved Programmable Network Manager", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. 
Known Affected Releases: 3.1(1) 2.0(4.0.45B).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Reflected Cross-Site Scripting Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "1038751", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038751", }, { name: "99221", refsource: "BID", url: "http://www.securityfocus.com/bid/99221", }, { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2017-6699", datePublished: "2017-07-04T00:00:00", dateReserved: "2017-03-09T00:00:00", dateUpdated: "2024-08-05T15:41:17.110Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20205
Vulnerability from cvelistv5
Published
2023-08-16 21:38
Modified
2024-08-02 09:05
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: 2.0.0 Version: 2.0.10 Version: 2.0.39 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.56 Version: 2.2.0 Version: 2.2.1 Version: 2.2.2 Version: 2.2.3 Version: 2.2.10 Version: 2.2.8 Version: 2.2.4 Version: 2.2.7 Version: 2.2.5 Version: 2.2.9 Version: 2.2.1 Update 01 Version: 2.2.2 Update 03 Version: 2.2.2 Update 04 Version: 2.2.3 Update 02 Version: 2.2.3 Update 03 Version: 2.2.3 Update 04 Version: 2.2.3 Update 05 Version: 2.2.3 Update 06 Version: 3.0.0 Version: 3.0.1 Version: 3.0.2 Version: 3.0.3 Version: 3.0.4 Version: 3.0.6 Version: 3.0.5 Version: 3.0.7 Version: 3.1.0 Version: 3.1.1 Version: 3.1.7 Version: 3.1.5 Version: 3.1.2 Version: 3.1.3 Version: 3.1.4 Version: 3.1.6 Version: 3.2.2 Version: 3.2.0-FIPS Version: 3.2.1 Version: 3.3.0 Version: 3.3.1 Version: 3.3.0 Update 01 Version: 3.4.0 Version: 3.4.1 Version: 3.4.2 Version: 3.4.1 Update 01 Version: 3.4.1 Update 02 Version: 3.4.2 Update 01 Version: 3.5.0 Version: 3.5.1 Version: 3.5.0 Update 01 Version: 3.5.0 Update 02 Version: 3.5.0 Update 03 Version: 3.5.1 Update 01 Version: 3.5.1 Update 02 Version: 3.5.1 Update 03 Version: 3.6.0 Version: 3.6.0 Update 01 Version: 3.6.0 Update 02 Version: 3.6.0 Update 03 Version: 3.6.0 Update 04 Version: 2.1 Version: 2.2 Version: 3.2 Version: 3.4_DP1 Version: 3.4_DP3 Version: 3.4_DP2 Version: 3.5_DP1 Version: 3.4_DP7 Version: 3.4_DP10 Version: 3.4_DP5 Version: 3.1_DP15 Version: 3.4_DP11 Version: 3.4_DP8 Version: 3.7_DP1 Version: 3.3_DP4 Version: 3.10_DP1 Version: 3.8_DP1 Version: 3.7_DP2 Version: 3.6_DP1 Version: 3.1_DP16 Version: 3.5_DP4 Version: 3.3_DP3 Version: 3.2_DP2 Version: 3.4_DP4 Version: 3.1_DP14 Version: 3.1_DP6 Version: 3.1_DP9 Version: 3.4_DP6 Version: 3.2_DP3 Version: 3.4_DP9 Version: 3.3_DP2 Version: 3.2_DP1 Version: 3.1_DP10 Version: 3.9_DP1 Version: 3.3_DP1 Version: 3.1_DP13 Version: 3.5_DP2 Version: 3.1_DP12 Version: 3.1_DP4 Version: 3.5_DP3 Version: 3.1_DP8 Version: 3.1_DP7 Version: 3.2_DP4 Version: 3.1_DP11 Version: 3.1_DP5 Version: 3.7.0 
Version: 3.7.1 Version: 3.7.1 Update 04 Version: 3.7.1 Update 06 Version: 3.7.1 Update 07 Version: 3.7.1 Update 03 Version: 3.7.0 Update 03 Version: 3.7.1 Update 01 Version: 3.7.1 Update 02 Version: 3.7.1 Update 05 Version: 3.8.0 Version: 3.8.1 Version: 3.8.1 Update 02 Version: 3.8.1 Update 04 Version: 3.8.1 Update 01 Version: 3.8.1 Update 03 Version: 3.8.0 Update 01 Version: 3.8.0 Update 02 Version: 3.9.0 Version: 3.9.1 Version: 3.9.1 Update 02 Version: 3.9.1 Update 03 Version: 3.9.1 Update 01 Version: 3.9.1 Update 04 Version: 3.9.0 Update 01 Version: 3.10.0 Version: 3.10.3 Version: 3.10.1 Version: 3.10.2 Version: 3.10 Update 01 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:35.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-pi-epnm-BFjSRJP5", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.0.10", }, { status: "affected", version: "2.0.39", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.56", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.10", }, { status: "affected", version: "2.2.8", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.7", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "2.2.9", }, { status: "affected", version: "2.2.1 Update 01", }, { status: "affected", version: "2.2.2 Update 03", }, { status: "affected", version: "2.2.2 Update 04", }, { status: "affected", version: "2.2.3 Update 02", }, { status: "affected", version: "2.2.3 Update 03", }, { status: "affected", version: "2.2.3 Update 04", }, { status: "affected", version: "2.2.3 Update 05", }, { status: "affected", version: "2.2.3 Update 06", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0.4", }, { status: "affected", version: "3.0.6", }, { status: "affected", version: "3.0.5", }, { status: "affected", version: "3.0.7", }, { status: 
"affected", version: "3.1.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.7", }, { status: "affected", version: "3.1.5", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1.4", }, { status: "affected", version: "3.1.6", }, { status: "affected", version: "3.2.2", }, { status: "affected", version: "3.2.0-FIPS", }, { status: "affected", version: "3.2.1", }, { status: "affected", version: "3.3.0", }, { status: "affected", version: "3.3.1", }, { status: "affected", version: "3.3.0 Update 01", }, { status: "affected", version: "3.4.0", }, { status: "affected", version: "3.4.1", }, { status: "affected", version: "3.4.2", }, { status: "affected", version: "3.4.1 Update 01", }, { status: "affected", version: "3.4.1 Update 02", }, { status: "affected", version: "3.4.2 Update 01", }, { status: "affected", version: "3.5.0", }, { status: "affected", version: "3.5.1", }, { status: "affected", version: "3.5.0 Update 01", }, { status: "affected", version: "3.5.0 Update 02", }, { status: "affected", version: "3.5.0 Update 03", }, { status: "affected", version: "3.5.1 Update 01", }, { status: "affected", version: "3.5.1 Update 02", }, { status: "affected", version: "3.5.1 Update 03", }, { status: "affected", version: "3.6.0", }, { status: "affected", version: "3.6.0 Update 01", }, { status: "affected", version: "3.6.0 Update 02", }, { status: "affected", version: "3.6.0 Update 03", }, { status: "affected", version: "3.6.0 Update 04", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.4_DP1", }, { status: "affected", version: "3.4_DP3", }, { status: "affected", version: "3.4_DP2", }, { status: "affected", version: "3.5_DP1", }, { status: "affected", version: "3.4_DP7", }, { status: "affected", version: "3.4_DP10", }, { status: "affected", version: "3.4_DP5", }, { 
status: "affected", version: "3.1_DP15", }, { status: "affected", version: "3.4_DP11", }, { status: "affected", version: "3.4_DP8", }, { status: "affected", version: "3.7_DP1", }, { status: "affected", version: "3.3_DP4", }, { status: "affected", version: "3.10_DP1", }, { status: "affected", version: "3.8_DP1", }, { status: "affected", version: "3.7_DP2", }, { status: "affected", version: "3.6_DP1", }, { status: "affected", version: "3.1_DP16", }, { status: "affected", version: "3.5_DP4", }, { status: "affected", version: "3.3_DP3", }, { status: "affected", version: "3.2_DP2", }, { status: "affected", version: "3.4_DP4", }, { status: "affected", version: "3.1_DP14", }, { status: "affected", version: "3.1_DP6", }, { status: "affected", version: "3.1_DP9", }, { status: "affected", version: "3.4_DP6", }, { status: "affected", version: "3.2_DP3", }, { status: "affected", version: "3.4_DP9", }, { status: "affected", version: "3.3_DP2", }, { status: "affected", version: "3.2_DP1", }, { status: "affected", version: "3.1_DP10", }, { status: "affected", version: "3.9_DP1", }, { status: "affected", version: "3.3_DP1", }, { status: "affected", version: "3.1_DP13", }, { status: "affected", version: "3.5_DP2", }, { status: "affected", version: "3.1_DP12", }, { status: "affected", version: "3.1_DP4", }, { status: "affected", version: "3.5_DP3", }, { status: "affected", version: "3.1_DP8", }, { status: "affected", version: "3.1_DP7", }, { status: "affected", version: "3.2_DP4", }, { status: "affected", version: "3.1_DP11", }, { status: "affected", version: "3.1_DP5", }, { status: "affected", version: "3.7.0", }, { status: "affected", version: "3.7.1", }, { status: "affected", version: "3.7.1 Update 04", }, { status: "affected", version: "3.7.1 Update 06", }, { status: "affected", version: "3.7.1 Update 07", }, { status: "affected", version: "3.7.1 Update 03", }, { status: "affected", version: "3.7.0 Update 03", }, { status: "affected", version: "3.7.1 Update 01", }, { status: 
"affected", version: "3.7.1 Update 02", }, { status: "affected", version: "3.7.1 Update 05", }, { status: "affected", version: "3.8.0", }, { status: "affected", version: "3.8.1", }, { status: "affected", version: "3.8.1 Update 02", }, { status: "affected", version: "3.8.1 Update 04", }, { status: "affected", version: "3.8.1 Update 01", }, { status: "affected", version: "3.8.1 Update 03", }, { status: "affected", version: "3.8.0 Update 01", }, { status: "affected", version: "3.8.0 Update 02", }, { status: "affected", version: "3.9.0", }, { status: "affected", version: "3.9.1", }, { status: "affected", version: "3.9.1 Update 02", }, { status: "affected", version: "3.9.1 Update 03", }, { status: "affected", version: "3.9.1 Update 01", }, { status: "affected", version: "3.9.1 Update 04", }, { status: "affected", version: "3.9.0 Update 01", }, { status: "affected", version: "3.10.0", }, { status: "affected", version: "3.10.3", }, { status: "affected", version: "3.10.1", }, { status: "affected", version: "3.10.2", }, { status: "affected", version: "3.10 Update 01", }, ], }, { product: "Cisco Evolved Programmable Network Manager (EPNM)", vendor: "Cisco", versions: [ { status: "affected", version: "1.2.6", }, { status: "affected", version: "1.2.2", }, { status: "affected", version: "1.2.3", }, { status: "affected", version: "1.2.5", }, { status: "affected", version: "1.2.1.2", }, { status: "affected", version: "1.2.4", }, { status: "affected", version: "1.2.7", }, { status: "affected", version: "1.2", }, { status: "affected", version: "1.2.2.4", }, { status: "affected", version: "1.2.4.2", }, { status: "affected", version: "2.0.2", }, { status: "affected", version: "2.0.4", }, { status: "affected", version: "2.0.3", }, { status: "affected", version: "2.0.1", }, { status: "affected", version: "2.0", }, { status: "affected", version: "2.0.1.1", }, { status: "affected", version: "2.0.2.1", }, { status: "affected", version: "2.0.4.1", }, { status: "affected", version: 
"2.0.4.2", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.3", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.1.1.1", }, { status: "affected", version: "2.1.1.3", }, { status: "affected", version: "2.1.1.4", }, { status: "affected", version: "2.1.2.2", }, { status: "affected", version: "2.1.2.3", }, { status: "affected", version: "2.1.3.2", }, { status: "affected", version: "2.1.3.3", }, { status: "affected", version: "2.1.3.4", }, { status: "affected", version: "2.1.3.5", }, { status: "affected", version: "2.1.4", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "2.2.1.1", }, { status: "affected", version: "2.2.1.2", }, { status: "affected", version: "2.2.1.3", }, { status: "affected", version: "2.2.1.4", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1", }, { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.1", }, { status: "affected", version: "4.1.1.1", }, { status: "affected", version: "4.1.1.2", }, { status: "affected", version: "4.0.3", }, { status: "affected", version: "4.0.1", }, { status: "affected", version: "4.0.2", }, { status: "affected", version: "4.0", }, { status: "affected", version: "4.0.3.1", }, { status: "affected", version: "5.0.1", }, { status: "affected", version: "5.0.2", }, { status: "affected", version: "5.0.2.5", }, { status: "affected", version: "5.0.2.3", }, { status: "affected", version: "5.0.2.4", }, { status: "affected", 
version: "5.0.2.1", }, { status: "affected", version: "5.0.2.2", }, { status: "affected", version: "5.0", }, { status: "affected", version: "5.1.1", }, { status: "affected", version: "5.1.2", }, { status: "affected", version: "5.1.3", }, { status: "affected", version: "5.1.4", }, { status: "affected", version: "5.1.4.2", }, { status: "affected", version: "5.1.4.1", }, { status: "affected", version: "5.1.4.3", }, { status: "affected", version: "5.1", }, { status: "affected", version: "5.1.3.1", }, { status: "affected", version: "5.1.3.2", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.2.1", }, { status: "affected", version: "6.0.1.1", }, { status: "affected", version: "6.0.3", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.1.1", }, { status: "affected", version: "6.1", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:57:59.019Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-pi-epnm-BFjSRJP5", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5", }, ], source: { advisory: "cisco-sa-pi-epnm-BFjSRJP5", defects: [ "CSCwf29121", "CSCwe77122", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20205", datePublished: "2023-08-16T21:38:42.295Z", dateReserved: "2022-10-27T18:47:50.367Z", dateUpdated: "2024-08-02T09:05:35.372Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1821
Vulnerability from cvelistv5
Published
2019-05-16 01:10
Modified
2024-11-20 17:18
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce | vendor-advisory, x_refsource_CISCO |
http://www.securityfocus.com/bid/108339 | vdb-entry, x_refsource_BID |
http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure | 3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.894Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108339", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1821", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T16:54:20.161196Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T17:18:12.432Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "3.4", }, ], }, ], datePublic: "2019-05-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. 
A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-19T19:06:06", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108339", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html", }, ], source: { advisory: "cisco-sa-20190515-pi-rce", defect: [ [ "CSCvo22842", "CSCvo28671", "CSCvo28680", "CSCvo62258", "CSCvo62264", "CSCvo62280", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-15T16:00:00-0700", ID: "CVE-2019-1821", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and 
Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", version: { version_data: [ { version_value: "3.4", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce", }, { name: "108339", refsource: "BID", url: "http://www.securityfocus.com/bid/108339", }, { name: "http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html", refsource: "MISC", url: 
"http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html", }, ], }, source: { advisory: "cisco-sa-20190515-pi-rce", defect: [ [ "CSCvo22842", "CSCvo28671", "CSCvo28680", "CSCvo62258", "CSCvo62264", "CSCvo62280", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1821", datePublished: "2019-05-16T01:10:39.996854Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-20T17:18:12.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20121
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-28 16:30
Summary
Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Identity Services Engine Software | n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:57:35.706Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20230405 Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20121", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T16:19:11.531063Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-28T16:30:40.095Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Identity Services Engine Software ", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2023-04-05T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-05T00:00:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20230405 Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities", tags: [ "vendor-advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk", }, ], source: { advisory: "cisco-sa-adeos-MLAyEcvk", defect: [ [ "CSCwd07345", "CSCwd07351", "CSCwd41018", "CSCwe07088", "CSCwe07091", ], ], discovery: "INTERNAL", }, title: "Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20121", datePublished: "2023-04-05T00:00:00", dateReserved: "2022-10-27T00:00:00", dateUpdated: "2024-10-28T16:30:40.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1291
Vulnerability from cvelistv5
Published
2016-04-06 23:00
Modified
2024-08-05 22:48
Summary
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1035497 | vdb-entry, x_refsource_SECTRACK |
https://blogs.securiteam.com/index.php/archives/2727 | x_refsource_MISC |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode | vendor-advisory, x_refsource_CISCO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:48:13.653Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1035497", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035497", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blogs.securiteam.com/index.php/archives/2727", }, { name: "20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-06T00:00:00", descriptions: [ { lang: "en", value: "Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "1035497", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035497", }, { tags: [ "x_refsource_MISC", ], url: "https://blogs.securiteam.com/index.php/archives/2727", }, { name: "20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: 
"CVE-2016-1291", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1035497", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035497", }, { name: "https://blogs.securiteam.com/index.php/archives/2727", refsource: "MISC", url: "https://blogs.securiteam.com/index.php/archives/2727", }, { name: "20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-1291", datePublished: "2016-04-06T23:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:48:13.653Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44228
Vulnerability from cvelistv5
Published
2021-12-10 00:00
Modified
2025-02-04 14:25
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Impacted products
Vendor | Product | Version |
---|---|---|
Apache Software Foundation | Apache Log4j2 | 2.0-beta9 < log4j-core* |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:17:24.696Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/1", }, { name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/2", }, { name: "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/3", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211210-0007/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", }, { name: "DSA-5020", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update", 
tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html", }, { name: "FEDORA-2021-f0f501d01f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/", }, { name: "Microsoft’s Response to CVE-2021-44228 Apache Log4j 2", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/", }, { name: "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/2", }, { name: "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/1", }, { name: "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/14/4", }, { name: "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { tags: [ "x_transferred", ], url: "https://twitter.com/kurtseifried/status/1469345530182455296", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", }, { tags: [ "x_transferred", ], url: 
"http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", }, { tags: [ "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/15/3", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", }, { name: "FEDORA-2021-66d6c484f3", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/", }, { tags: [ "x_transferred", ], url: 
"http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", }, { tags: [ "x_transferred", ], url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", }, { name: "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Mar/23", }, { tags: [ "x_transferred", ], url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", }, { tags: [ "x_transferred", ], url: "https://github.com/cisagov/log4j-affected-db", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213189", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", }, { tags: [ "x_transferred", ], url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", }, { name: "20220721 Open-Xchange Security Advisory 2022-07-21", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Jul/11", }, { tags: [ "x_transferred", ], url: 
"http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", }, { name: "20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Dec/2", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-44228", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T14:25:34.416117Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-12-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44228", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-02-04T14:25:37.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Log4j2", vendor: "Apache Software Foundation", versions: [ { changes: [ { at: "2.3.1", status: "unaffected", }, { at: "2.4", status: "affected", }, { at: "2.12.2", status: "unaffected", }, { at: "2.13.0", status: "affected", }, { at: "2.15.0", status: "unaffected", }, ], lessThan: "log4j-core*", status: "affected", version: "2.0-beta9", versionType: "custom", }, ], }, ], credits: 
[ { lang: "en", value: "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.", }, ], descriptions: [ { lang: "en", value: "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.", }, ], metrics: [ { other: { content: { other: "critical", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-03T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/1", }, { name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", 
], url: "http://www.openwall.com/lists/oss-security/2021/12/10/2", }, { name: "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/10/3", }, { url: "https://security.netapp.com/advisory/ntap-20211210-0007/", }, { url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", }, { name: "DSA-5020", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html", }, { name: "FEDORA-2021-f0f501d01f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/", }, { name: "Microsoft’s Response to CVE-2021-44228 Apache Log4j 2", tags: [ "vendor-advisory", ], url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/", }, { name: "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/13/2", }, { name: "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", tags: [ "mailing-list", ], url: 
"http://www.openwall.com/lists/oss-security/2021/12/13/1", }, { name: "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/14/4", }, { name: "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "VU#930724", tags: [ "third-party-advisory", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { url: "https://twitter.com/kurtseifried/status/1469345530182455296", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", }, { url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html", }, { url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html", }, { url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/12/15/3", }, { url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html", }, { url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html", }, { url: 
"http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html", }, { url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html", }, { url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", }, { name: "FEDORA-2021-66d6c484f3", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/", }, { url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html", }, { url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md", }, { url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html", }, { name: "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Mar/23", }, { url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001", }, { url: "https://github.com/cisagov/log4j-affected-db", }, { url: "https://support.apple.com/kb/HT213189", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228", }, { url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html", }, { name: "20220721 Open-Xchange Security Advisory 2022-07-21", tags: [ "mailing-list", ], url: 
"http://seclists.org/fulldisclosure/2022/Jul/11", }, { url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html", }, { url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html", }, { name: "20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Dec/2", }, { url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-44228", datePublished: "2021-12-10T00:00:00.000Z", dateReserved: "2021-11-26T00:00:00.000Z", dateUpdated: "2025-02-04T14:25:37.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-20659
Vulnerability from cvelistv5
Published
2022-02-17 15:00
Modified
2024-11-06 16:30
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-P8fBz2FW | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure | n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:17:52.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20220217 Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-P8fBz2FW", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-20659", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-06T15:59:13.021667Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-06T16:30:26.879Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2022-02-17T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-17T15:00:17", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20220217 Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-P8fBz2FW", }, ], source: { advisory: "cisco-sa-pi-epnm-xss-P8fBz2FW", defect: [ [ "CSCvz07279", "CSCvz09487", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2022-02-17T00:00:00", ID: "CVE-2022-20659", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", 
data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, ], }, exploit: [ { lang: "en", value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "6.1", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20220217 Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-P8fBz2FW", }, ], }, source: { advisory: "cisco-sa-pi-epnm-xss-P8fBz2FW", defect: [ [ "CSCvz07279", "CSCvz09487", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2022-20659", datePublished: "2022-02-17T15:00:17.788869Z", dateReserved: "2021-11-02T00:00:00", dateUpdated: "2024-11-06T16:30:26.879Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20131
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:00
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure | n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:57:36.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", tags: [ "vendor-advisory", "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20131", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T14:35:17.326729Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T16:00:51.219Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure ", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2023-04-05T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-27", description: "CWE-27", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-05T00:00:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", tags: [ "vendor-advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], source: { advisory: "cisco-sa-pi-epnm-eRPWAXLe", defect: [ [ "CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20131", datePublished: "2023-04-05T00:00:00", dateReserved: "2022-10-27T00:00:00", dateUpdated: "2024-10-25T16:00:51.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20271
Vulnerability from cvelistv5
Published
2024-01-17 16:56
Modified
2024-08-02 09:05
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: 2.0.0 Version: 2.0.10 Version: 2.0.39 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.56 Version: 2.2.0 Version: 2.2.1 Version: 2.2.2 Version: 2.2.3 Version: 2.2.10 Version: 2.2.8 Version: 2.2.4 Version: 2.2.7 Version: 2.2.5 Version: 2.2.9 Version: 2.2.1 Update 01 Version: 2.2.2 Update 03 Version: 2.2.2 Update 04 Version: 2.2.3 Update 02 Version: 2.2.3 Update 03 Version: 2.2.3 Update 04 Version: 2.2.3 Update 05 Version: 2.2.3 Update 06 Version: 3.0.0 Version: 3.0.1 Version: 3.0.2 Version: 3.0.3 Version: 3.0.4 Version: 3.0.6 Version: 3.0.5 Version: 3.0.7 Version: 3.1.0 Version: 3.1.1 Version: 3.1.7 Version: 3.1.5 Version: 3.1.2 Version: 3.1.3 Version: 3.1.4 Version: 3.1.6 Version: 3.2.2 Version: 3.2.0-FIPS Version: 3.2.1 Version: 3.3.0 Version: 3.3.1 Version: 3.3.0 Update 01 Version: 3.4.0 Version: 3.4.1 Version: 3.4.2 Version: 3.4.1 Update 01 Version: 3.4.1 Update 02 Version: 3.4.2 Update 01 Version: 3.5.0 Version: 3.5.1 Version: 3.5.0 Update 01 Version: 3.5.0 Update 02 Version: 3.5.0 Update 03 Version: 3.5.1 Update 01 Version: 3.5.1 Update 02 Version: 3.5.1 Update 03 Version: 3.6.0 Version: 3.6.0 Update 01 Version: 3.6.0 Update 02 Version: 3.6.0 Update 03 Version: 3.6.0 Update 04 Version: 2.1 Version: 2.2 Version: 3.2 Version: 3.4_DP1 Version: 3.4_DP3 Version: 3.4_DP2 Version: 3.5_DP1 Version: 3.4_DP7 Version: 3.4_DP10 Version: 3.4_DP5 Version: 3.1_DP15 Version: 3.4_DP11 Version: 3.4_DP8 Version: 3.7_DP1 Version: 3.3_DP4 Version: 3.10_DP1 Version: 3.8_DP1 Version: 3.7_DP2 Version: 3.6_DP1 Version: 3.1_DP16 Version: 3.5_DP4 Version: 3.3_DP3 Version: 3.2_DP2 Version: 3.4_DP4 Version: 3.1_DP14 Version: 3.1_DP6 Version: 3.1_DP9 Version: 3.4_DP6 Version: 3.2_DP3 Version: 3.4_DP9 Version: 3.3_DP2 Version: 3.2_DP1 Version: 3.1_DP10 Version: 3.9_DP1 Version: 3.3_DP1 Version: 3.1_DP13 Version: 3.5_DP2 Version: 3.1_DP12 Version: 3.1_DP4 Version: 3.5_DP3 Version: 3.1_DP8 Version: 3.1_DP7 Version: 3.2_DP4 Version: 3.1_DP11 Version: 3.1_DP5 Version: 3.7.0 
Version: 3.7.1 Version: 3.7.1 Update 04 Version: 3.7.1 Update 06 Version: 3.7.1 Update 07 Version: 3.7.1 Update 03 Version: 3.7.0 Update 03 Version: 3.7.1 Update 01 Version: 3.7.1 Update 02 Version: 3.7.1 Update 05 Version: 3.8.0 Version: 3.8.1 Version: 3.8.1 Update 02 Version: 3.8.1 Update 04 Version: 3.8.1 Update 01 Version: 3.8.1 Update 03 Version: 3.8.0 Update 01 Version: 3.8.0 Update 02 Version: 3.9.0 Version: 3.9.1 Version: 3.9.1 Update 02 Version: 3.9.1 Update 03 Version: 3.9.1 Update 01 Version: 3.9.1 Update 04 Version: 3.9.0 Update 01 Version: 3.10.0 Version: 3.10.3 Version: 3.10.1 Version: 3.10.2 Version: 3.10 Update 01 Version: 3.10.4 Version: 3.10.4 Update 01 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.908Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-pi-epnm-wkZJeyeq", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.0.10", }, { status: "affected", version: "2.0.39", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.56", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.10", }, { status: "affected", version: "2.2.8", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.7", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "2.2.9", }, { status: "affected", version: "2.2.1 Update 01", }, { status: "affected", version: "2.2.2 Update 03", }, { status: "affected", version: "2.2.2 Update 04", }, { status: "affected", version: "2.2.3 Update 02", }, { status: "affected", version: "2.2.3 Update 03", }, { status: "affected", version: "2.2.3 Update 04", }, { status: "affected", version: "2.2.3 Update 05", }, { status: "affected", version: "2.2.3 Update 06", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0.4", }, { status: "affected", version: "3.0.6", }, { status: "affected", version: "3.0.5", }, { status: "affected", version: "3.0.7", }, { status: 
"affected", version: "3.1.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.7", }, { status: "affected", version: "3.1.5", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1.4", }, { status: "affected", version: "3.1.6", }, { status: "affected", version: "3.2.2", }, { status: "affected", version: "3.2.0-FIPS", }, { status: "affected", version: "3.2.1", }, { status: "affected", version: "3.3.0", }, { status: "affected", version: "3.3.1", }, { status: "affected", version: "3.3.0 Update 01", }, { status: "affected", version: "3.4.0", }, { status: "affected", version: "3.4.1", }, { status: "affected", version: "3.4.2", }, { status: "affected", version: "3.4.1 Update 01", }, { status: "affected", version: "3.4.1 Update 02", }, { status: "affected", version: "3.4.2 Update 01", }, { status: "affected", version: "3.5.0", }, { status: "affected", version: "3.5.1", }, { status: "affected", version: "3.5.0 Update 01", }, { status: "affected", version: "3.5.0 Update 02", }, { status: "affected", version: "3.5.0 Update 03", }, { status: "affected", version: "3.5.1 Update 01", }, { status: "affected", version: "3.5.1 Update 02", }, { status: "affected", version: "3.5.1 Update 03", }, { status: "affected", version: "3.6.0", }, { status: "affected", version: "3.6.0 Update 01", }, { status: "affected", version: "3.6.0 Update 02", }, { status: "affected", version: "3.6.0 Update 03", }, { status: "affected", version: "3.6.0 Update 04", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.4_DP1", }, { status: "affected", version: "3.4_DP3", }, { status: "affected", version: "3.4_DP2", }, { status: "affected", version: "3.5_DP1", }, { status: "affected", version: "3.4_DP7", }, { status: "affected", version: "3.4_DP10", }, { status: "affected", version: "3.4_DP5", }, { 
status: "affected", version: "3.1_DP15", }, { status: "affected", version: "3.4_DP11", }, { status: "affected", version: "3.4_DP8", }, { status: "affected", version: "3.7_DP1", }, { status: "affected", version: "3.3_DP4", }, { status: "affected", version: "3.10_DP1", }, { status: "affected", version: "3.8_DP1", }, { status: "affected", version: "3.7_DP2", }, { status: "affected", version: "3.6_DP1", }, { status: "affected", version: "3.1_DP16", }, { status: "affected", version: "3.5_DP4", }, { status: "affected", version: "3.3_DP3", }, { status: "affected", version: "3.2_DP2", }, { status: "affected", version: "3.4_DP4", }, { status: "affected", version: "3.1_DP14", }, { status: "affected", version: "3.1_DP6", }, { status: "affected", version: "3.1_DP9", }, { status: "affected", version: "3.4_DP6", }, { status: "affected", version: "3.2_DP3", }, { status: "affected", version: "3.4_DP9", }, { status: "affected", version: "3.3_DP2", }, { status: "affected", version: "3.2_DP1", }, { status: "affected", version: "3.1_DP10", }, { status: "affected", version: "3.9_DP1", }, { status: "affected", version: "3.3_DP1", }, { status: "affected", version: "3.1_DP13", }, { status: "affected", version: "3.5_DP2", }, { status: "affected", version: "3.1_DP12", }, { status: "affected", version: "3.1_DP4", }, { status: "affected", version: "3.5_DP3", }, { status: "affected", version: "3.1_DP8", }, { status: "affected", version: "3.1_DP7", }, { status: "affected", version: "3.2_DP4", }, { status: "affected", version: "3.1_DP11", }, { status: "affected", version: "3.1_DP5", }, { status: "affected", version: "3.7.0", }, { status: "affected", version: "3.7.1", }, { status: "affected", version: "3.7.1 Update 04", }, { status: "affected", version: "3.7.1 Update 06", }, { status: "affected", version: "3.7.1 Update 07", }, { status: "affected", version: "3.7.1 Update 03", }, { status: "affected", version: "3.7.0 Update 03", }, { status: "affected", version: "3.7.1 Update 01", }, { status: 
"affected", version: "3.7.1 Update 02", }, { status: "affected", version: "3.7.1 Update 05", }, { status: "affected", version: "3.8.0", }, { status: "affected", version: "3.8.1", }, { status: "affected", version: "3.8.1 Update 02", }, { status: "affected", version: "3.8.1 Update 04", }, { status: "affected", version: "3.8.1 Update 01", }, { status: "affected", version: "3.8.1 Update 03", }, { status: "affected", version: "3.8.0 Update 01", }, { status: "affected", version: "3.8.0 Update 02", }, { status: "affected", version: "3.9.0", }, { status: "affected", version: "3.9.1", }, { status: "affected", version: "3.9.1 Update 02", }, { status: "affected", version: "3.9.1 Update 03", }, { status: "affected", version: "3.9.1 Update 01", }, { status: "affected", version: "3.9.1 Update 04", }, { status: "affected", version: "3.9.0 Update 01", }, { status: "affected", version: "3.10.0", }, { status: "affected", version: "3.10.3", }, { status: "affected", version: "3.10.1", }, { status: "affected", version: "3.10.2", }, { status: "affected", version: "3.10 Update 01", }, { status: "affected", version: "3.10.4", }, { status: "affected", version: "3.10.4 Update 01", }, ], }, { product: "Cisco Evolved Programmable Network Manager (EPNM)", vendor: "Cisco", versions: [ { status: "affected", version: "1.2.6", }, { status: "affected", version: "1.2.2", }, { status: "affected", version: "1.2.3", }, { status: "affected", version: "1.2.5", }, { status: "affected", version: "1.2.1.2", }, { status: "affected", version: "1.2.4", }, { status: "affected", version: "1.2.7", }, { status: "affected", version: "1.2", }, { status: "affected", version: "1.2.2.4", }, { status: "affected", version: "1.2.4.2", }, { status: "affected", version: "2.0.2", }, { status: "affected", version: "2.0.4", }, { status: "affected", version: "2.0.3", }, { status: "affected", version: "2.0.1", }, { status: "affected", version: "2.0", }, { status: "affected", version: "2.0.1.1", }, { status: "affected", version: 
"2.0.2.1", }, { status: "affected", version: "2.0.4.1", }, { status: "affected", version: "2.0.4.2", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.3", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.1.1.1", }, { status: "affected", version: "2.1.1.3", }, { status: "affected", version: "2.1.1.4", }, { status: "affected", version: "2.1.2.2", }, { status: "affected", version: "2.1.2.3", }, { status: "affected", version: "2.1.3.2", }, { status: "affected", version: "2.1.3.3", }, { status: "affected", version: "2.1.3.4", }, { status: "affected", version: "2.1.3.5", }, { status: "affected", version: "2.1.4", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "2.2.1.1", }, { status: "affected", version: "2.2.1.2", }, { status: "affected", version: "2.2.1.3", }, { status: "affected", version: "2.2.1.4", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1", }, { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.1", }, { status: "affected", version: "4.1.1.1", }, { status: "affected", version: "4.1.1.2", }, { status: "affected", version: "4.0.3", }, { status: "affected", version: "4.0.1", }, { status: "affected", version: "4.0.2", }, { status: "affected", version: "4.0", }, { status: "affected", version: "4.0.3.1", }, { status: "affected", version: "5.0.1", }, { status: "affected", version: "5.0.2", }, { status: "affected", version: "5.0.2.5", }, { status: "affected", 
version: "5.0.2.3", }, { status: "affected", version: "5.0.2.4", }, { status: "affected", version: "5.0.2.1", }, { status: "affected", version: "5.0.2.2", }, { status: "affected", version: "5.0", }, { status: "affected", version: "5.0.2.6", }, { status: "affected", version: "5.1.1", }, { status: "affected", version: "5.1.2", }, { status: "affected", version: "5.1.3", }, { status: "affected", version: "5.1.4", }, { status: "affected", version: "5.1.4.2", }, { status: "affected", version: "5.1.4.1", }, { status: "affected", version: "5.1.4.3", }, { status: "affected", version: "5.1", }, { status: "affected", version: "5.1.3.1", }, { status: "affected", version: "5.1.3.2", }, { status: "affected", version: "5.1.4.4", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.2.1", }, { status: "affected", version: "6.0.1.1", }, { status: "affected", version: "6.0.3", }, { status: "affected", version: "6.0.3.1", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.1.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.1.2", }, { status: "affected", version: "6.1.1.2.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. 
A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T15:42:33.023Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-pi-epnm-wkZJeyeq", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", }, ], source: { advisory: "cisco-sa-pi-epnm-wkZJeyeq", defects: [ "CSCwf81862", "CSCwf83557", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20271", datePublished: "2024-01-17T16:56:25.553Z", dateReserved: "2022-10-27T18:47:50.373Z", dateUpdated: "2024-08-02T09:05:36.908Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20129
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:01
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure | n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:57:35.593Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", tags: [ "vendor-advisory", "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20129", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T14:35:30.474321Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T16:01:15.745Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure ", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2023-04-05T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-27", description: "CWE-27", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-05T00:00:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", tags: [ "vendor-advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe", }, ], source: { advisory: "cisco-sa-pi-epnm-eRPWAXLe", defect: [ [ "CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20129", datePublished: "2023-04-05T00:00:00", dateReserved: "2022-10-27T00:00:00", dateUpdated: "2024-10-25T16:01:15.745Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34707
Vulnerability from cvelistv5
Published
2021-08-04 17:20
Modified
2024-11-07 22:04
Summary
A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Evolved Programmable Network Manager (EPNM) | n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:19:48.085Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210804 Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-34707", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T21:41:02.901757Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T22:04:19.538Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Evolved Programmable Network Manager (EPNM)", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-08-04T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. 
A successful exploit could allow the attacker to obtain sensitive information about the application.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-04T17:20:42", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210804 Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C", }, ], source: { advisory: "cisco-sa-epnm-info-disc-PjTZ5r6C", defect: [ [ "CSCvs67013", ], ], discovery: "INTERNAL", }, title: "Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-08-04T16:00:00", ID: "CVE-2021-34707", STATE: "PUBLIC", TITLE: "Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Evolved Programmable Network Manager (EPNM)", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { 
description_data: [ { lang: "eng", value: "A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "6.5", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "20210804 Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C", }, ], }, source: { advisory: "cisco-sa-epnm-info-disc-PjTZ5r6C", defect: [ [ "CSCvs67013", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-34707", datePublished: "2021-08-04T17:20:42.713361Z", dateReserved: "2021-06-15T00:00:00", dateUpdated: "2024-11-07T22:04:19.538Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20222
Vulnerability from cvelistv5
Published
2023-08-16 21:39
Modified
2024-08-02 09:05
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: 2.0.0 Version: 2.0.10 Version: 2.0.39 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.56 Version: 2.2.0 Version: 2.2.1 Version: 2.2.2 Version: 2.2.3 Version: 2.2.10 Version: 2.2.8 Version: 2.2.4 Version: 2.2.7 Version: 2.2.5 Version: 2.2.9 Version: 2.2.1 Update 01 Version: 2.2.2 Update 03 Version: 2.2.2 Update 04 Version: 2.2.3 Update 02 Version: 2.2.3 Update 03 Version: 2.2.3 Update 04 Version: 2.2.3 Update 05 Version: 2.2.3 Update 06 Version: 3.0.0 Version: 3.0.1 Version: 3.0.2 Version: 3.0.3 Version: 3.0.4 Version: 3.0.6 Version: 3.0.5 Version: 3.0.7 Version: 3.1.0 Version: 3.1.1 Version: 3.1.7 Version: 3.1.5 Version: 3.1.2 Version: 3.1.3 Version: 3.1.4 Version: 3.1.6 Version: 3.2.2 Version: 3.2.0-FIPS Version: 3.2.1 Version: 3.3.0 Version: 3.3.1 Version: 3.3.0 Update 01 Version: 3.4.0 Version: 3.4.1 Version: 3.4.2 Version: 3.4.1 Update 01 Version: 3.4.1 Update 02 Version: 3.4.2 Update 01 Version: 3.5.0 Version: 3.5.1 Version: 3.5.0 Update 01 Version: 3.5.0 Update 02 Version: 3.5.0 Update 03 Version: 3.5.1 Update 01 Version: 3.5.1 Update 02 Version: 3.5.1 Update 03 Version: 3.6.0 Version: 3.6.0 Update 01 Version: 3.6.0 Update 02 Version: 3.6.0 Update 03 Version: 3.6.0 Update 04 Version: 2.1 Version: 2.2 Version: 3.2 Version: 3.4_DP1 Version: 3.4_DP3 Version: 3.4_DP2 Version: 3.5_DP1 Version: 3.4_DP7 Version: 3.4_DP10 Version: 3.4_DP5 Version: 3.1_DP15 Version: 3.4_DP11 Version: 3.4_DP8 Version: 3.7_DP1 Version: 3.3_DP4 Version: 3.10_DP1 Version: 3.8_DP1 Version: 3.7_DP2 Version: 3.6_DP1 Version: 3.1_DP16 Version: 3.5_DP4 Version: 3.3_DP3 Version: 3.2_DP2 Version: 3.4_DP4 Version: 3.1_DP14 Version: 3.1_DP6 Version: 3.1_DP9 Version: 3.4_DP6 Version: 3.2_DP3 Version: 3.4_DP9 Version: 3.3_DP2 Version: 3.2_DP1 Version: 3.1_DP10 Version: 3.9_DP1 Version: 3.3_DP1 Version: 3.1_DP13 Version: 3.5_DP2 Version: 3.1_DP12 Version: 3.1_DP4 Version: 3.5_DP3 Version: 3.1_DP8 Version: 3.1_DP7 Version: 3.2_DP4 Version: 3.1_DP11 Version: 3.1_DP5 Version: 3.7.0 
Version: 3.7.1 Version: 3.7.1 Update 04 Version: 3.7.1 Update 06 Version: 3.7.1 Update 07 Version: 3.7.1 Update 03 Version: 3.7.0 Update 03 Version: 3.7.1 Update 01 Version: 3.7.1 Update 02 Version: 3.7.1 Update 05 Version: 3.8.0 Version: 3.8.1 Version: 3.8.1 Update 02 Version: 3.8.1 Update 04 Version: 3.8.1 Update 01 Version: 3.8.1 Update 03 Version: 3.8.0 Update 01 Version: 3.8.0 Update 02 Version: 3.9.0 Version: 3.9.1 Version: 3.9.1 Update 02 Version: 3.9.1 Update 03 Version: 3.9.1 Update 01 Version: 3.9.1 Update 04 Version: 3.9.0 Update 01 Version: 3.10.0 Version: 3.10.3 Version: 3.10.1 Version: 3.10.2 Version: 3.10.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-pi-epnm-storedxss-tTjO62r", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-storedxss-tTjO62r", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.0.10", }, { status: "affected", version: "2.0.39", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.1.1", }, { status: "affected", version: "2.1.2", }, { status: "affected", version: "2.1.56", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "2.2.10", }, { status: "affected", version: "2.2.8", }, { status: "affected", version: "2.2.4", }, { status: "affected", version: "2.2.7", }, { status: "affected", version: "2.2.5", }, { status: "affected", version: "2.2.9", }, { status: "affected", version: "2.2.1 Update 01", }, { status: "affected", version: "2.2.2 Update 03", }, { status: "affected", version: "2.2.2 Update 04", }, { status: "affected", version: "2.2.3 Update 02", }, { status: "affected", version: "2.2.3 Update 03", }, { status: "affected", version: "2.2.3 Update 04", }, { status: "affected", version: "2.2.3 Update 05", }, { status: "affected", version: "2.2.3 Update 06", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, { status: "affected", version: "3.0.2", }, { status: "affected", version: "3.0.3", }, { status: "affected", version: "3.0.4", }, { status: "affected", version: "3.0.6", }, { status: "affected", version: "3.0.5", }, { status: "affected", version: "3.0.7", }, 
{ status: "affected", version: "3.1.0", }, { status: "affected", version: "3.1.1", }, { status: "affected", version: "3.1.7", }, { status: "affected", version: "3.1.5", }, { status: "affected", version: "3.1.2", }, { status: "affected", version: "3.1.3", }, { status: "affected", version: "3.1.4", }, { status: "affected", version: "3.1.6", }, { status: "affected", version: "3.2.2", }, { status: "affected", version: "3.2.0-FIPS", }, { status: "affected", version: "3.2.1", }, { status: "affected", version: "3.3.0", }, { status: "affected", version: "3.3.1", }, { status: "affected", version: "3.3.0 Update 01", }, { status: "affected", version: "3.4.0", }, { status: "affected", version: "3.4.1", }, { status: "affected", version: "3.4.2", }, { status: "affected", version: "3.4.1 Update 01", }, { status: "affected", version: "3.4.1 Update 02", }, { status: "affected", version: "3.4.2 Update 01", }, { status: "affected", version: "3.5.0", }, { status: "affected", version: "3.5.1", }, { status: "affected", version: "3.5.0 Update 01", }, { status: "affected", version: "3.5.0 Update 02", }, { status: "affected", version: "3.5.0 Update 03", }, { status: "affected", version: "3.5.1 Update 01", }, { status: "affected", version: "3.5.1 Update 02", }, { status: "affected", version: "3.5.1 Update 03", }, { status: "affected", version: "3.6.0", }, { status: "affected", version: "3.6.0 Update 01", }, { status: "affected", version: "3.6.0 Update 02", }, { status: "affected", version: "3.6.0 Update 03", }, { status: "affected", version: "3.6.0 Update 04", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.2", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.4_DP1", }, { status: "affected", version: "3.4_DP3", }, { status: "affected", version: "3.4_DP2", }, { status: "affected", version: "3.5_DP1", }, { status: "affected", version: "3.4_DP7", }, { status: "affected", version: "3.4_DP10", }, { status: "affected", version: "3.4_DP5", 
}, { status: "affected", version: "3.1_DP15", }, { status: "affected", version: "3.4_DP11", }, { status: "affected", version: "3.4_DP8", }, { status: "affected", version: "3.7_DP1", }, { status: "affected", version: "3.3_DP4", }, { status: "affected", version: "3.10_DP1", }, { status: "affected", version: "3.8_DP1", }, { status: "affected", version: "3.7_DP2", }, { status: "affected", version: "3.6_DP1", }, { status: "affected", version: "3.1_DP16", }, { status: "affected", version: "3.5_DP4", }, { status: "affected", version: "3.3_DP3", }, { status: "affected", version: "3.2_DP2", }, { status: "affected", version: "3.4_DP4", }, { status: "affected", version: "3.1_DP14", }, { status: "affected", version: "3.1_DP6", }, { status: "affected", version: "3.1_DP9", }, { status: "affected", version: "3.4_DP6", }, { status: "affected", version: "3.2_DP3", }, { status: "affected", version: "3.4_DP9", }, { status: "affected", version: "3.3_DP2", }, { status: "affected", version: "3.2_DP1", }, { status: "affected", version: "3.1_DP10", }, { status: "affected", version: "3.9_DP1", }, { status: "affected", version: "3.3_DP1", }, { status: "affected", version: "3.1_DP13", }, { status: "affected", version: "3.5_DP2", }, { status: "affected", version: "3.1_DP12", }, { status: "affected", version: "3.1_DP4", }, { status: "affected", version: "3.5_DP3", }, { status: "affected", version: "3.1_DP8", }, { status: "affected", version: "3.1_DP7", }, { status: "affected", version: "3.2_DP4", }, { status: "affected", version: "3.1_DP11", }, { status: "affected", version: "3.1_DP5", }, { status: "affected", version: "3.7.0", }, { status: "affected", version: "3.7.1", }, { status: "affected", version: "3.7.1 Update 04", }, { status: "affected", version: "3.7.1 Update 06", }, { status: "affected", version: "3.7.1 Update 07", }, { status: "affected", version: "3.7.1 Update 03", }, { status: "affected", version: "3.7.0 Update 03", }, { status: "affected", version: "3.7.1 Update 01", }, { 
status: "affected", version: "3.7.1 Update 02", }, { status: "affected", version: "3.7.1 Update 05", }, { status: "affected", version: "3.8.0", }, { status: "affected", version: "3.8.1", }, { status: "affected", version: "3.8.1 Update 02", }, { status: "affected", version: "3.8.1 Update 04", }, { status: "affected", version: "3.8.1 Update 01", }, { status: "affected", version: "3.8.1 Update 03", }, { status: "affected", version: "3.8.0 Update 01", }, { status: "affected", version: "3.8.0 Update 02", }, { status: "affected", version: "3.9.0", }, { status: "affected", version: "3.9.1", }, { status: "affected", version: "3.9.1 Update 02", }, { status: "affected", version: "3.9.1 Update 03", }, { status: "affected", version: "3.9.1 Update 01", }, { status: "affected", version: "3.9.1 Update 04", }, { status: "affected", version: "3.9.0 Update 01", }, { status: "affected", version: "3.10.0", }, { status: "affected", version: "3.10.3", }, { status: "affected", version: "3.10.1", }, { status: "affected", version: "3.10.2", }, { status: "affected", version: "3.10.4", }, ], }, { product: "Cisco Evolved Programmable Network Manager (EPNM)", vendor: "Cisco", versions: [ { status: "affected", version: "N/A", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-80", description: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:58:24.048Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-pi-epnm-storedxss-tTjO62r", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-storedxss-tTjO62r", }, ], source: { advisory: "cisco-sa-pi-epnm-storedxss-tTjO62r", defects: [ "CSCwf14099", "CSCwf15468", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20222", datePublished: "2023-08-16T21:39:30.076Z", dateReserved: "2022-10-27T18:47:50.368Z", dateUpdated: "2024-08-02T09:05:36.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34733
Vulnerability from cvelistv5
Published
2021-09-02 03:05
Modified
2024-11-07 22:01
Summary
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2 | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:19:48.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210901 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-34733", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T21:40:49.559578Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T22:01:47.254Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Prime Infrastructure", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-09-01T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. 
A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "CWE-522", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-02T03:05:34", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210901 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2", }, ], source: { advisory: "cisco-sa-prime-info-disc-nTU9FJ2", defect: [ [ "CSCvs07213", "CSCvs07217", "CSCvz12884", "CSCvz12896", ], ], discovery: "INTERNAL", }, title: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-09-01T16:00:00", ID: "CVE-2021-34733", STATE: "PUBLIC", TITLE: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Prime Infrastructure", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, 
vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "5.5", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-522", }, ], }, ], }, references: { reference_data: [ { name: "20210901 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2", }, ], }, source: { advisory: "cisco-sa-prime-info-disc-nTU9FJ2", defect: [ [ "CSCvs07213", "CSCvs07217", "CSCvz12884", "CSCvz12896", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-34733", datePublished: "2021-09-02T03:05:34.520314Z", dateReserved: "2021-06-15T00:00:00", dateUpdated: "2024-11-07T22:01:47.254Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1290
Vulnerability from cvelistv5
Published
2016-04-06 23:00
Modified
2024-08-05 22:48
Summary
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1035498 | vdb-entry, x_refsource_SECTRACK |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth | vendor-advisory, x_refsource_CISCO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:48:13.675Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1035498", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035498", }, { name: "20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-06T00:00:00", descriptions: [ { lang: "en", value: "The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "1035498", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035498", }, { name: "20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2016-1290", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { 
version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1035498", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035498", }, { name: "20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-1290", datePublished: "2016-04-06T23:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:48:13.675Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }