[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 16 Sep 2015 12:23:34 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration 
Assurance


Advisory ID: cisco-sa-20150916-pca

Revision 1.0

For Public Release 2015 September 16 16:00  UTC (GMT) 


+---------------------------------------------------------------------
Summary
=======
Cisco Prime Collaboration Assurance Software contains the following 
vulnerabilities:

  * Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass 
Vulnerability
  * Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
  * Cisco Prime Collaboration Assurance Session ID Privilege Escalation 
Vulnerability


Successful exploitation of the Cisco Prime Collaboration Assurance Web 
Framework Access Controls Bypass Vulnerability and Cisco Prime Collaboration 
Assurance Session ID Privilege Escalation Vulnerability could allow an 
authenticated attacker to perform tasks with the privileges of an administrator 
for any domain or customer managed by the affected system.

Successful exploitation of the Cisco Prime Collaboration Assurance Information 
Disclosure Vulnerability could allow an authenticated attacker to access 
sensitive information, such as SNMP community strings and administrative 
credentials, of any devices imported in the system database.

Cisco has released software updates that address these vulnerabilities. 
Workarounds that mitigate these vulnerabilities are not available. This 
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJV+ZYNAAoJEIpI1I6i1Mx3IYEP/0h0hDtNwLTTMtLf800IV6zs
T6QtgHMCpBLvV1AOurzE1x5dnCIm5KJEDDDadDDxSoOl6EU78+0nDOhNSiAcfoYb
aH3+Q0M/JW7nF02CGEYkDqZ7j6WwFoFzpuegjaJkWBG+va3AnP5mUSgIpqxgEL0z
C+r28HAohgQCYGe13ozj05J23iyf6rDi/G/yWtkb7BqjMcGz+bzpjcHHQdRRfU6E
4yHBPQFGhcOi8qARMUbOK1OkCif8Z64/oqWy1WP1fvZMrIZkKHBe8p/0KpoomJFV
CENiWcHvf8d2SzKYdRxCZvOLutoZT9Ec4MgzAeQ1ENW2XsoKP2KpA2HSYRt64kau
DOzpIeoGbwqe0UBbcdn8BxOvCk63DFOw8RblPD6O1pTmhchdZGesCr0RBZUgcv3J
/TcQiyvutGDAGaxlGW5MzKUwK986lEE1xjq+bdLc37XyCs4OWIA9exN4yk/v7pH8
emfronbPniGzFylUNjVFhN0hSgNEkd89BZO4S24UqZVyAr0hKTgjha9O+CepUyMC
ui5W2/CpE05fR8o7nTuTG24r3aJE19+BesOsAVkMW+sbUOT6HjZdL/G0VsvCXb5m
s6GdlHvtUSIVSr8PTCT6VlYMiKUWNjq+rKldxXZhm2rAKtXwqPFjIL+UB4yykWha
LvVVZW9DjDafYeIahD/J
=oLvr
-----END PGP SIGNATURE-----

Prev by Date: [security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution
Next by Date: Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
Previous by thread: [security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution
Next by thread: Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
Index(es):
- Date
- Thread