The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Prime Infrastructure

computer vulnerability alert CVE-2017-6782

Cisco Prime Infrastructure: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-cpi, CSCve47074, CVE-2017-6782, VIGILANCE-VUL-23556.

Description of the vulnerability

The Cisco Prime Infrastructure product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2017-6725

Cisco Prime Infrastructure: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 22/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-piwf1, CSCuw65833, CSCuw65837, CVE-2017-6725, VIGILANCE-VUL-23065.

Description of the vulnerability

The Cisco Prime Infrastructure product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.

vulnerability note CVE-2017-6724

Cisco Prime Infrastructure: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 22/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-piwf, CSCuw65843, CVE-2017-6724, VIGILANCE-VUL-23064.

Description of the vulnerability

The Cisco Prime Infrastructure product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.

vulnerability bulletin CVE-2017-6700

Cisco Prime Infrastructure: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 22/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-piepnm4, CSCvc24620, CSCvc49586, CVE-2017-6700, VIGILANCE-VUL-23063.

Description of the vulnerability

The Cisco Prime Infrastructure product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2017-6699

Cisco Prime Infrastructure: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 22/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-piepnm3, CSCvc24616, CSCvc35363, CSCvc49574, CVE-2017-6699, VIGILANCE-VUL-23062.

Description of the vulnerability

The Cisco Prime Infrastructure product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2017-6698

Cisco Prime Infrastructure: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Cisco Prime Infrastructure, in order to read or alter data.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 22/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-piepnm2, CSCvc23892, CSCvc35270, CSCvc35626, CSCvc35630, CSCvc49568, CVE-2017-6698, VIGILANCE-VUL-23061.

Description of the vulnerability

The Cisco Prime Infrastructure product uses a database.

However, user data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Cisco Prime Infrastructure, in order to read or alter data.

vulnerability alert CVE-2017-6662

Cisco Prime Infrastructure: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to Cisco Prime Infrastructure, in order to run code, read a file, scan sites, or trigger a denial of service.
Impacted products: Prime Infrastructure.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 22/06/2017.
Revision date: 22/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-piepnm1, CSCvc23894, CSCvc49561, CVE-2017-6662, VIGILANCE-VUL-23051.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program that reads this XML data can replace these entities with data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - disclosure of the content of files on the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must be disabled when processing XML data coming from an untrusted source.

However, the Cisco Prime Infrastructure parser allows external entities.

An attacker can therefore transmit malicious XML data to Cisco Prime Infrastructure, in order to run code, read a file, scan sites, or trigger a denial of service.
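
One way to apply the rule above when parsing untrusted XML, shown as an added example that is not Cisco's or Vigil@nce's code: a Python wrapper around expat that refuses DOCTYPE and external entity declarations before anything is resolved. The names `parse_untrusted`, `ForbiddenXML` and `rejection_reason` and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Untrusted XML declared a DTD or an external entity."""


def parse_untrusted(xml_bytes, forbid_dtd=True):
    """Build an Element tree with expat, refusing DTD / external entities."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if forbid_dtd:  # strictest policy: no DTD at all
            raise ForbiddenXML(f"DOCTYPE {name!r} not allowed")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # <!ENTITY name SYSTEM "...">
            raise ForbiddenXML(f"external entity {name!r} -> {system_id!r}")

    def on_external_ref(context, base, system_id, public_id):
        # Last line of defence: never fetch anything for a reference.
        raise ForbiddenXML(f"external entity reference -> {system_id!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(xml_bytes, True)  # exceptions raised by handlers propagate
    return builder.close()


def rejection_reason(xml_bytes, forbid_dtd=True):
    """Return why a document was refused, or None if it parsed."""
    try:
        parse_untrusted(xml_bytes, forbid_dtd)
    except ForbiddenXML as exc:
        return str(exc)
    return None


# Constructed samples using the two declaration forms quoted above.
DOC_FILE = b'<!DOCTYPE r [<!ENTITY name SYSTEM "file">]><r>&name;</r>'
DOC_HTTP = b'<!DOCTYPE r [<!ENTITY name SYSTEM "http://server/file">]><r>&name;</r>'
DOC_PLAIN = b"<r><a>1</a></r>"
```

With `forbid_dtd=False` the wrapper still rejects external entity declarations but lets internal ones through, so entity-expansion limits would need separate handling; namespaces are not processed in this sketch.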

computer vulnerability CVE-2017-6611

Cisco Prime Infrastructure: Cross Site Scripting via Web Framework

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via the Web Framework of Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/04/2017.
Identifiers: CERTFR-2017-AVI-127, cisco-sa-20170419-cpi, CVE-2017-6611, VIGILANCE-VUL-22515.

Description of the vulnerability

The Cisco Prime Infrastructure product offers a web service.

However, it does not filter data received via the Web Framework before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via the Web Framework of Cisco Prime Infrastructure, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2017-3884

Cisco Prime Infrastructure: information disclosure via HTTP Request

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via an HTTP Request to Cisco Prime Infrastructure, in order to obtain sensitive information.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 06/04/2017.
Identifiers: cisco-sa-20170405-cpi, CSCvc60031, CSCvc60041, CSCvc60095, CSCvc60102, CVE-2017-3884, VIGILANCE-VUL-22355.

Description of the vulnerability

An attacker can bypass access restrictions to data via an HTTP Request to Cisco Prime Infrastructure, in order to obtain sensitive information.

computer vulnerability announce CVE-2017-3869

Cisco Prime Infrastructure: privilege escalation via API Credentials Management

Synthesis of the vulnerability

An attacker can bypass restrictions via the API Credentials Management of Cisco Prime Infrastructure, in order to escalate their privileges.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 16/03/2017.
Identifiers: cisco-sa-20170315-cpi, CSCuy36192, CVE-2017-3869, VIGILANCE-VUL-22157.

Description of the vulnerability

An attacker can bypass restrictions via the API Credentials Management of Cisco Prime Infrastructure, in order to escalate their privileges.