Information Disclosure in Cisco Prime Collaboration Assurance Web Framework
CVE-2015-4305

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Collaboration Assurance
Vendor: CVE Published:; 20 September 2015

Summary

The web framework in Cisco's Prime Collaboration Assurance prior to version 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions. This vulnerability enables these users to discover sensitive credentials or SNMP communities associated with arbitrary tenant domains through the manipulation of crafted URLs. Such exposure poses a significant risk, potentially leading to unauthorized access to critical system information.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033581

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Sep 20, 2015
Vulnerability Reserved
Jun 4, 2015