Cisco Bug: CSCvs29777 - Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
Apr 13, 2020
- Cisco Prime Collaboration
Known Affected Releases
Symptom: A vulnerability in the web interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the fact that Cisco Prime Collaboration Assurance does not sufficiently protect sensitive data when responding to a HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from Cisco Prime Collaboration Assurance. An exploit could allow the attacker to find out sensitive information about the application. Conditions: The device running with default configuration running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases