The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PC4HCS

computer vulnerability note CVE-2015-4292

Cisco Prime Central Hosted Collaboration Solution: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco Prime Central Hosted Collaboration Solution, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 31/07/2015.
Identifiers: 40214, CSCuv45818, CVE-2015-4292, VIGILANCE-VUL-17549.

Description of the vulnerability

The Cisco Prime Central Hosted Collaboration Solution product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco Prime Central Hosted Collaboration Solution, in order to run JavaScript code in the context of the web site.

vulnerability bulletin CVE-2015-0741

Cisco Prime Central for HCS: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Cisco Prime Central for HCS, in order to force the victim to perform operations.
Impacted products: Cisco Prime Central for HCS, Prime Infrastructure.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 21/05/2015.
Identifiers: 38927, cisco-sa-20160629-pi-epnm, CSCut04596, CSCuw95626, CSCva27600, CVE-2015-0741, VIGILANCE-VUL-16953.

Description of the vulnerability

The Cisco Prime Central for HCS product offers a web service.

However, the origin of queries is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Cisco Prime Central for HCS, in order to force the victim to perform operations.

computer vulnerability announce CVE-2013-5562

Cisco Prime Central for HCS: denial of service via TCP

Synthesis of the vulnerability

An attacker can send large amounts of TCP data to the ITM web interface of Cisco Prime Central for Hosted Collaboration Solution, in order to trigger a denial of service.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 05/11/2013.
Identifiers: BID-63514, CSCuh36313, CVE-2013-5562, VIGILANCE-VUL-13707.

Description of the vulnerability

An attacker can send large amounts of TCP data to the ITM web interface of Cisco Prime Central for Hosted Collaboration Solution, in order to trigger a denial of service.

vulnerability bulletin CVE-2013-5564

Cisco Prime Central for HCS: denial of service via TCP

Synthesis of the vulnerability

An attacker can send large amounts of TCP data to a Java process of Cisco Prime Central for Hosted Collaboration Solution, in order to trigger a denial of service.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 04/11/2013.
Identifiers: BID-63490, CSCug57345, CVE-2013-5564, VIGILANCE-VUL-13693.

Description of the vulnerability

An attacker can send large amounts of TCP data to a Java process of Cisco Prime Central for Hosted Collaboration Solution, in order to trigger a denial of service.

computer vulnerability note CVE-2013-3409

Cisco Prime Central for HCS: password disclosure

Synthesis of the vulnerability

A local attacker can read Cisco Prime Central for HCS logs, in order to obtain passwords, for example to access the database.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 10/10/2013.
Identifiers: BID-62924, CSCuh33735, CSCuh34230, CVE-2013-3409, VIGILANCE-VUL-13579.

Description of the vulnerability

The Cisco Prime Central for HCS product logs passwords.

However, access privileges to the temporary log file are not restricted.

A local attacker can therefore read Cisco Prime Central for HCS logs, in order to obtain passwords, for example to access the database.

vulnerability note CVE-2013-3473

Cisco Prime Central for Hosted Collaboration Solution Assurance: password disclosure

Synthesis of the vulnerability

An unauthenticated attacker can use Cisco Prime Central for Hosted Collaboration Solution Assurance, in order to obtain the list of logins and passwords.
Impacted products: Cisco Prime Central for HCS.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: intranet client.
Creation date: 18/09/2013.
Identifiers: BID-62489, CERTA-2013-AVI-533, cisco-sa-20130918-pc, CSCud32600, CVE-2013-3473, VIGILANCE-VUL-13444.

Description of the vulnerability

The Cisco Prime Central for HCS Assurance product offers a web service.

However, an attacker can use an HTTP query, in order to list user names and their passwords.

An unauthenticated attacker can therefore use Cisco Prime Central for Hosted Collaboration Solution Assurance, in order to obtain the list of logins and passwords.

vulnerability announce CVE-2013-3387 CVE-2013-3388 CVE-2013-3389

Cisco Prime Central for HCS Assurance: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Cisco Prime Central for HCS Assurance.
Impacted products: Cisco Prime Central for HCS.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 21/08/2013.
Identifiers: BID-61912, BID-61914, BID-61916, BID-61920, CERTA-2013-AVI-491, cisco-sa-20130821-hcm, CSCtz90114, CSCtz92776, CSCua42724, CSCub59158, CVE-2013-3387, CVE-2013-3388, CVE-2013-3389, CVE-2013-3390, VIGILANCE-VUL-13302.

Description of the vulnerability

Several vulnerabilities were announced in Cisco Prime Central for Hosted Collaboration Solution Assurance.

An attacker can create a memory leak via TCP, in order to trigger a denial of service. [severity:3/4; BID-61914, CSCub59158, CVE-2013-3390]

An attacker can create a memory leak via ports 61615/tcp and 61616/tcp, in order to trigger a denial of service. [severity:3/4; BID-61912, CSCtz90114, CVE-2013-3389]

An attacker can create a memory leak via the Ephemeral Java Port, in order to trigger a denial of service. [severity:3/4; BID-61916, CSCtz92776, CVE-2013-3388]

An attacker can fill the disk, in order to trigger a denial of service. [severity:3/4; BID-61920, CSCua42724, CVE-2013-3387]

vulnerability CVE-2013-3375

Cisco Prime Central: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Central, in order to execute JavaScript code in the context of the web site.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 18/06/2013.
Identifiers: CSCue23798, CVE-2013-3375, VIGILANCE-VUL-12990.

Description of the vulnerability

Cisco Prime includes a Web portal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Prime Central, in order to execute JavaScript code in the context of the web site.

computer vulnerability alert CVE-2013-1156 CVE-2013-1157 CVE-2013-1158

Cisco Prime Central for Hosted Collaboration Solution: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Cisco Prime Central for Hosted Collaboration Solution.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 02/05/2013.
Identifiers: BID-59632, BID-59635, BID-59696, BID-59697, BID-59702, CSCud51034, CSCud51068, CSCud54397, CSCud56706, CSCud56743, CVE-2013-1156, CVE-2013-1157, CVE-2013-1158, CVE-2013-1159, CVE-2013-1160, VIGILANCE-VUL-12746.

Description of the vulnerability

Several vulnerabilities were announced in Cisco Prime Central for Hosted Collaboration Solution.

An attacker can traverse a directory, in order to read a file. [severity:2/4; BID-59702, CSCud51034, CVE-2013-1156]

An attacker can trigger a Cross Site Scripting of ITM Java Servlet Container, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59632, CSCud51068, CVE-2013-1157]

An attacker can trigger a Cross Site Scripting in ITM Help Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59635, CSCud54397, CVE-2013-1158]

An attacker can trigger a Cross Site Scripting in NCI Web Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59697, CSCud56706, CVE-2013-1159]

An attacker can trigger a Cross Site Scripting in OpenView Web Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59696, CSCud56743, CVE-2013-1160]

vulnerability announce CVE-2013-1174

Cisco Prime Central for HCS Assurance: denial of service via TBSM

Synthesis of the vulnerability

An attacker can send numerous packets to Cisco TBSM of Cisco Prime Central for HCS Assurance, in order to trigger a denial of service.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 08/04/2013.
Identifiers: BID-58907, CSCue03703, CVE-2013-1174, VIGILANCE-VUL-12612.

Description of the vulnerability

The Cisco Prime Central for HCS Assurance product uses Cisco Tivoli Business Service Manager (TBSM).

However, Cisco TBSM does not correctly process packets received on ports 17310-17542/tcp.

An attacker can therefore send numerous packets to Cisco TBSM of Cisco Prime Central for HCS Assurance, in order to trigger a denial of service.