Bugtraq mailing list archives

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance

From: Cisco Systems Product Security Incident Response Team <psirt () cisco com>
Date: Wed, 16 Sep 2015 12:23:34 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance


Advisory ID: cisco-sa-20150916-pca

Revision 1.0

For Public Release 2015 September 16 16:00  UTC (GMT) 


+---------------------------------------------------------------------
Summary
=======
Cisco Prime Collaboration Assurance Software contains the following vulnerabilities:

  * Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability
  * Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
  * Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability


Successful exploitation of the Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability 
and Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability could allow an authenticated 
attacker to perform tasks with the privileges of an administrator for any domain or customer managed by the affected 
system.

Successful exploitation of the Cisco Prime Collaboration Assurance Information Disclosure Vulnerability could allow an 
authenticated attacker to access sensitive information, such as SNMP community strings and administrative credentials, 
of any devices imported in the system database.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities 
are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJV+ZYNAAoJEIpI1I6i1Mx3IYEP/0h0hDtNwLTTMtLf800IV6zs
T6QtgHMCpBLvV1AOurzE1x5dnCIm5KJEDDDadDDxSoOl6EU78+0nDOhNSiAcfoYb
aH3+Q0M/JW7nF02CGEYkDqZ7j6WwFoFzpuegjaJkWBG+va3AnP5mUSgIpqxgEL0z
C+r28HAohgQCYGe13ozj05J23iyf6rDi/G/yWtkb7BqjMcGz+bzpjcHHQdRRfU6E
4yHBPQFGhcOi8qARMUbOK1OkCif8Z64/oqWy1WP1fvZMrIZkKHBe8p/0KpoomJFV
CENiWcHvf8d2SzKYdRxCZvOLutoZT9Ec4MgzAeQ1ENW2XsoKP2KpA2HSYRt64kau
DOzpIeoGbwqe0UBbcdn8BxOvCk63DFOw8RblPD6O1pTmhchdZGesCr0RBZUgcv3J
/TcQiyvutGDAGaxlGW5MzKUwK986lEE1xjq+bdLc37XyCs4OWIA9exN4yk/v7pH8
emfronbPniGzFylUNjVFhN0hSgNEkd89BZO4S24UqZVyAr0hKTgjha9O+CepUyMC
ui5W2/CpE05fR8o7nTuTG24r3aJE19+BesOsAVkMW+sbUOT6HjZdL/G0VsvCXb5m
s6GdlHvtUSIVSr8PTCT6VlYMiKUWNjq+rKldxXZhm2rAKtXwqPFjIL+UB4yykWha
LvVVZW9DjDafYeIahD/J
=oLvr
-----END PGP SIGNATURE-----

Current thread:

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance Cisco Systems Product Security Incident Response Team (Sep 16)