Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

cisco-sa-20150916-pcp · High · Published · Updated

A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative privileges. This includes creating an administrative user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp

Cisco advisory ·CSAF JSON

Workarounds

There is no workaround that mitigates this vulnerability.

CVEsCVE-2015-4307
Cisco Bug IDsCSCut64111
CVSS ScoreBase 8.5
Base 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Prime Collaboration Provisioning

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2015-4307 Cisco OpenVuln
Cisco Application Centric Infrastructure Virtual Edge CVE-2015-4307 Cisco OpenVuln
Cisco Prime Collaboration Provisioning CVE-2015-4307 Cisco OpenVuln
Cisco Prime Collaboration CVE-2015-4307 Cisco OpenVuln