CVE-2015-4304 — Cisco Prime Collaboration Assurance vulnerability

CWE-2644 documents4 sources

Severity

9.0CRITICALNVD

EPSS

0.4%

top 41.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Collaboration Assurance

Timeline

PublishedSep 20

Latest updateMay 17

Description

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/prime_collaboration_assurance6 versions+5

🔴Vulnerability Details

GHSA

GHSA-65h5-996j-w6qc: The web framework in Cisco Prime Collaboration Assurance before 10↗2022-05-17

▶

CVEList

CVE-2015-4304: The web framework in Cisco Prime Collaboration Assurance before 10↗2015-09-20

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Prime Collaboration Assurance↗2015-09-16

▶