Guest

Preview Tool

Cisco Bug: CSCvs29777 - Cisco Prime Collaboration Assurance Information Disclosure Vulnerability

Last Modified

Apr 13, 2020

Products (1)

  • Cisco Prime Collaboration

Known Affected Releases

12.1SP3

Description (partial)

Symptom:
A vulnerability in the web interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks.

The vulnerability is due to the fact that Cisco Prime Collaboration Assurance does not sufficiently protect sensitive data when responding to a HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from Cisco Prime Collaboration Assurance. An exploit could allow the attacker to find out sensitive information about the application.

Conditions:
The device running with default configuration running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.