CVE-2015-4306 — Cisco Prime Collaboration Assurance vulnerability

CWE-2644 documents4 sources

Severity

8.5HIGHNVD

EPSS

0.4%

top 40.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Collaboration Assurance

Timeline

PublishedSep 20

Latest updateMay 17

Description

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/prime_collaboration_assurance6 versions+5

🔴Vulnerability Details

GHSA

GHSA-gxxg-46w4-8xx4: The web framework in Cisco Prime Collaboration Assurance before 10↗2022-05-17

▶

CVEList

CVE-2015-4306: The web framework in Cisco Prime Collaboration Assurance before 10↗2015-09-20

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Prime Collaboration Assurance↗2015-09-16

▶