CVE-2015-6389 — Improper Authentication in Cisco Prime Collaboration Assurance

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.0CRITICALNVD

EPSS

0.6%

top 31.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Collaboration Assurance

Timeline

PublishedDec 13

Latest updateMay 17

Description

Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707.

CVSS vector

AV:N/AC:L/C:P/I:P/A:CExploitability: 10.0 | Impact: 8.5

Affected Packages1 packages

▶NVDcisco/prime_collaboration_assurance10.5.1, 10.6.0+1

🔴Vulnerability Details

GHSA

GHSA-36v9-qrwx-hfc8: Cisco Prime Collaboration Assurance before 11↗2022-05-17

▶

CVEList

CVE-2015-6389: Cisco Prime Collaboration Assurance before 11↗2015-12-13

▶

📋Vendor Advisories

Cisco

Cisco Prime Collaboration Assurance Default Account Credential Vulnerability↗2015-12-09

▶