Authentication Bypass Vulnerability in Cisco Prime Collaboration Assurance
CVE-2015-4306

Currently unrated

Key Information:

Vendor
Cisco
Status
Prime Collaboration Assurance
Vendor
CVE Published:
20 September 2015

Summary

The web framework in Cisco Prime Collaboration Assurance versions prior to 10.5.1.53684-1 is susceptible to an authentication bypass vulnerability. This allows remote authenticated users to circumvent intended session read restrictions. By discovering a session identifier and crafting a specific URL, attackers can impersonate administrators across arbitrary tenant domains, potentially leading to unauthorized access and control over sensitive information. Users are advised to upgrade to the latest version to mitigate this security risk.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1033581
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.