The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Prime Collaboration Assurance

weakness bulletin CVE-2019-1856

Cisco Prime Collaboration Assurance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Collaboration Assurance, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 02/05/2019.
Identifiers: cisco-sa-20190501-pca-xss, CSCvk13522, CVE-2019-1856, VIGILANCE-VUL-29186.

weakness announce CVE-2018-15450

Cisco Prime Collaboration Assurance: privilege escalation via Web-based UI File Overwrite

Synthesis of the vulnerability

An attacker can bypass restrictions via Web-based UI File Overwrite in Cisco Prime Collaboration Assurance, in order to escalate their privileges.
Severity: 2/4.
Creation date: 07/11/2018.
Identifiers: CERTFR-2018-AVI-536, cisco-sa-20181107-pca-overwrite, CSCvj07247, CVE-2018-15450, VIGILANCE-VUL-27720.

weakness bulletin CVE-2018-15438

Cisco Prime Collaboration Assurance: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Cisco Prime Collaboration Assurance, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 18/10/2018.
Identifiers: CERTFR-2018-AVI-502, cisco-sa-20181017-cpca-csrf, CSCvj07251, CVE-2018-15438, VIGILANCE-VUL-27558.

Description of the vulnerability

The Cisco Prime Collaboration Assurance product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in Cisco Prime Collaboration Assurance, in order to force the victim to perform operations.

computer vulnerability CVE-2018-0458

Cisco Prime Collaboration Assurance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Collaboration Assurance, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/09/2018.
Identifiers: CERTFR-2018-AVI-423, cisco-sa-20180905-pca-xss, CSCvg15441, CVE-2018-0458, VIGILANCE-VUL-27159.

Description of the vulnerability

The Cisco Prime Collaboration Assurance product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Prime Collaboration Assurance, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-5391

Linux kernel: denial of service via FragmentSmack

Synthesis of the vulnerability

An attacker can generate a fatal error via FragmentSmack in the Linux kernel, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 16/08/2018.
Identifiers: ADV180022, CERTFR-2018-AVI-390, CERTFR-2018-AVI-392, CERTFR-2018-AVI-419, CERTFR-2018-AVI-457, CERTFR-2018-AVI-478, CERTFR-2018-AVI-533, CERTFR-2019-AVI-233, CERTFR-2019-AVI-242, cisco-sa-20180824-linux-ip-fragment, CVE-2018-5391, DLA-1466-1, DLA-1529-1, DSA-2019-062, DSA-4272-1, FragmentSmack, JSA10917, K74374841, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2019:0274-1, PAN-SA-2018-0012, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, RHSA-2018:3459-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, sk134253, SUSE-SU-2018:2344-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2596-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:1289-1, SYMSA1467, Synology-SA-18:44, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, VIGILANCE-VUL-27009, VU#641765.

weakness alert CVE-2017-6779

Cisco: denial of service via Log File Size

Synthesis of the vulnerability

An attacker can generate a fatal error via Log File Size of Cisco, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-diskdos, CVE-2017-6779, VIGILANCE-VUL-26343.

weakness announce CVE-2017-6659

Cisco Prime Collaboration Assurance: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Cisco Prime Collaboration Assurance, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 08/06/2017.
Identifiers: cisco-sa-20170607-pca, CVE-2017-6659, VIGILANCE-VUL-22924.

vulnerability alert CVE-2017-3733

OpenSSL: denial of service via the "Encrypt-Then-Mac" option

Synthesis of the vulnerability

An attacker can change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 16/02/2017.
Identifiers: 2003480, 2003620, 2003673, 2004940, CERTFR-2017-AVI-035, cisco-sa-20170130-openssl, cpuapr2019, cpujan2018, cpuoct2017, CVE-2017-3733, HPESBGN03728, VIGILANCE-VUL-21871.

Description of the vulnerability

OpenSSL supports renegotiation of TLS options and parameters during a session.

However, for some combinations of algorithms, toggling the state of the "Encrypt-Then-Mac" option generates a fatal error.

An attacker can therefore change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.

computer vulnerability announce CVE-2017-3843

Cisco Prime Collaboration Assurance: file download

Synthesis of the vulnerability

An attacker can traverse directories of Cisco Prime Collaboration Assurance, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 16/02/2017.
Identifiers: CERTFR-2017-AVI-052, cisco-sa-20170215-pcp1, CVE-2017-3843, VIGILANCE-VUL-21861.

Description of the vulnerability

The Cisco Prime Collaboration Assurance product offers a web service.

However, user-supplied data is inserted directly into an access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories of Cisco Prime Collaboration Assurance, in order to read a file outside the service root path.

computer threat CVE-2017-3844

Cisco Prime Collaboration Assurance: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Cisco Prime Collaboration Assurance, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 16/02/2017.
Identifiers: CERTFR-2017-AVI-052, cisco-sa-20170215-pcp2, CVE-2017-3844, VIGILANCE-VUL-21859.

Description of the vulnerability

The Cisco Prime Collaboration Assurance product offers a web service.

However, user-supplied data is inserted directly into an access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories of Cisco Prime Collaboration Assurance, in order to read a file outside the service root path.