[c-nsp] Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Sep 16 12:24:19 EDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability


Advisory ID: cisco-sa-20150916-pcp

Revision 1.0

For Public Release 2015 September 16 16:00  UTC (GMT) 

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions.

An exploit could allow the attacker to access functions some of which should be accessible only to users who have administrative privileges. This includes creating an administrative user.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJV+ZYgAAoJEIpI1I6i1Mx3icAQAJLrLhHzt9nr7hZFbRV8Rp2L
1kYZw3q2K8aJG854DzyU0WcQV7xeMwCC+YAs1Z0R73a/CTFYqmfv7MLNOjJZauob
WDBLkhen5mqr38uyxN5RrvYB8ZNhEzyd2wRSSxUKTG3Peq1TpU3rXCdhJXIuElPQ
G4MHFyGrEqKd501knQBLmIPnJ75LGLWrHuT6BkTNKaL7b/3xg4P+nkcPSR/aGnuO
IDjoaiTD2K7ggByGtb66mAtgQWJ86UVPEE4r3wMTDLXjnjXj8EvSQ1wRERcpu5dH
tJyKvlhE+sR3HPvOMN/NYRlM2Q3+kdaxAbfek/39bwALKyz2GShNUxN0WTajsDTw
LCYhoX1Ul6PPW5bBYE9RwqRvSZrJ+hVgG0CUJwsmtTs7sgg9dOLofTk9RNP/mTmA
4lXcFs6PK4t/ZscDX+SG0NfbC8yc1PK92FEnugGm6FmcDw/0pyGjeRSmHZdUp5F6
b6DDfchaf19AiCnSEOcpU71fAu2NScydo/ebigcgKyo5aNZ4QWLN1eO63pg4AqOQ
z7X3je767Ro0xIwIAM+eeBbvm3TzZ594AqnT1gNr+8i+xqGE0qQwgpIQAYHwDmy2
1ayyHF4uCiPtvNLZaQNxxax+WRmClDJzXK83J9AEYIPlccdthb1umCVX723qffgj
ekdqIhCjP0RayzEFyupE
=9zj1
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list