CVE-2015-4305 — Cisco Prime Collaboration Assurance vulnerability

CWE-2645 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 61.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Collaboration Assurance

Timeline

PublishedSep 20

Latest updateMay 17

Description

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/prime_collaboration_assurance6 versions+5

🔴Vulnerability Details

GHSA

GHSA-gv5m-498p-x725: The web framework in Cisco Prime Collaboration Assurance before 10↗2022-05-17

▶

CVEList

CVE-2015-4305: The web framework in Cisco Prime Collaboration Assurance before 10↗2015-09-20

▶

📋Vendor Advisories

Cisco

Cisco Prime Collaboration Assurance Information Disclosure Vulnerability↗2015-09-16

▶

Cisco

Multiple Vulnerabilities in Cisco Prime Collaboration Assurance↗2015-09-16

▶