CVE-2015-4304

Published: Sep 20, 2015Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.

Affected (6)

Products: Cisco: Prime Collaboration Assurance

Cisco

1 product

Prime Collaboration Assurance

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Cisco Prime Collaboration Assurance	Version 10.0.0
Cisco Prime Collaboration Assurance	Version 10.5.0
Cisco Prime Collaboration Assurance	Version 10.5.1
Cisco Prime Collaboration Assurance	Version 10.6.0
Cisco Prime Collaboration Assurance	Version 9.0.0
Cisco Prime Collaboration Assurance	Version 9.5.0

Related CWEs

CWE-264

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1033581

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1033581

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.