CPE Details
Cisco Prime Infrastructure 3.10.4
3.10.4
2024-07-31
09h28 +00:00
09h28 +00:00
2024-07-31
09h28 +00:00
09h28 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*
Informations
Vendor
ciscoProduct
prime_infrastructureVersion
3.10.4Update
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system. | 6.7 |
Medium |
||
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands. | 7.2 |
High |
||
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. | 6.5 |
Medium |
||
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application. | 4.8 |
Medium |
||
| A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646. | 6.1 |
Medium |
2025©
tesweb SA
