Access Control Vulnerability in Cisco Prime Collaboration Assurance

CVE-2015-4304

Summary

The web framework in Cisco Prime Collaboration Assurance prior to version 10.5.1.53684-1 contains an access control vulnerability that allows remote authenticated users to manipulate URL requests. This manipulation results in the potential to bypass access restrictions, enabling users to create administrative accounts or to access sensitive data across arbitrary tenant domains. The issue was identified as part of multiple vulnerabilities, including Bug IDs CSCus62671 and CSCus62652, emphasizing the need for users to secure their installations against unauthorized actions.

References