Executive Summary

Title Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
Name cisco-sa-20150916-pcp First vendor Publication 2015-09-16
Vendor Cisco Last vendor Modification 2015-09-16
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions.

An exploit could allow the attacker to access functions some of which should be accessible only to users who have administrative privileges. This includes creating an administrative user.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJV+ZYgAAoJEIpI1I6i1Mx3icAQAJLrLhHzt9nr7hZFbRV8Rp2L 1kYZw3q2K8aJG854DzyU0WcQV7xeMwCC+YAs1Z0R73a/CTFYqmfv7MLNOjJZauob WDBLkhen5mqr38uyxN5RrvYB8ZNhEzyd2wRSSxUKTG3Peq1TpU3rXCdhJXIuElPQ G4MHFyGrEqKd501knQBLmIPnJ75LGLWrHuT6BkTNKaL7b/3xg4P+nkcPSR/aGnuO IDjoaiTD2K7ggByGtb66mAtgQWJ86UVPEE4r3wMTDLXjnjXj8EvSQ1wRERcpu5dH tJyKvlhE+sR3HPvOMN/NYRlM2Q3+kdaxAbfek/39bwALKyz2GShNUxN0WTajsDTw LCYhoX1Ul6PPW5bBYE9RwqRvSZrJ+hVgG0CUJwsmtTs7sgg9dOLofTk9RNP/mTmA 4lXcFs6PK4t/ZscDX+SG0NfbC8yc1PK92FEnugGm6FmcDw/0pyGjeRSmHZdUp5F6 b6DDfchaf19AiCnSEOcpU71fAu2NScydo/ebigcgKyo5aNZ4QWLN1eO63pg4AqOQ z7X3je767Ro0xIwIAM+eeBbvm3TzZ594AqnT1gNr+8i+xqGE0qQwgpIQAYHwDmy2 1ayyHF4uCiPtvNLZaQNxxax+WRmClDJzXK83J9AEYIPlccdthb1umCVX723qffgj ekdqIhCjP0RayzEFyupE =9zj1 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Application 6

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-09-24 IAVM : 2015-A-0226 - Cisco Prime Collaboration Provisioning Security Bypass Vulnerability
Severity : Category II - VMSKEY : V0061479

Snort® IPS/IDS

Date Description
2016-10-06 Cisco prime collaboration provisioning web framework access control bypass at...
RuleID : 40287 - Revision : 1 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2015-09-29 Name : The remote network management device is affected by a security bypass vulnera...
File : cisco_prime_cp_sa-20150916.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2015-10-18 17:22:11
  • Multiple Updates
2015-09-30 13:24:13
  • Multiple Updates
2015-09-22 00:26:41
  • Multiple Updates
2015-09-16 21:21:55
  • First insertion