A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system.

The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit this vulnerability by submitting a crafted URL to the system.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca

Leave a Reply