Guest

Preview Tool

Cisco Bug: CSCus62671 - PCA Web Framework Access Controls Bypass Vulnerability

Last Modified

May 02, 2016

Products (1)

  • Cisco Prime Collaboration

Known Affected Releases

10.5(1)

Description (partial)

Symptoms:
Cisco Prime Collaboration Assurance Software contains the following vulnerabilities:

    Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability
    Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
    Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability


Successful exploitation of the Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability and Cisco Prime
Collaboration Assurance Session ID Privilege Escalation Vulnerability could allow an authenticated attacker to perform tasks with the privileges
of an administrator for any domain or customer managed by the affected system.

Successful exploitation of the Cisco Prime Collaboration Assurance Information Disclosure Vulnerability could allow an authenticated attacker to
access sensitive information, such as SNMP community strings and administrative credentials, of any devices imported in the system database.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca


Conditions:
see security advisory
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.