Cisco Prime Collaboration Assurance Software contains the following vulnerabilities:

Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability
Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability

Successful exploitation of the Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability and Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability could allow an authenticated attacker to perform tasks with the privileges of an administrator for any domain or customer managed by the affected system.

Successful exploitation of the Cisco Prime Collaboration Assurance Information Disclosure Vulnerability could allow an authenticated attacker to access sensitive information, such as Simple Network Management Protocol (SNMP) community strings and administrative credentials, of any devices imported in the system database.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca

Leave a Reply