Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability
CVE-2019-1662

8.2HIGH

Key Information:

Vendor
Cisco
Status
Cisco Prime Collaboration Assurance
Vendor
CVE Published:
21 February 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2.

Affected Version(s)

Cisco Prime Collaboration Assurance 12.1 SP2

References

http://www.securityfocus.com/bid/107096
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.