CVE-2015-4306

Published: Sep 20, 2015Modified: May 6, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.

Affected (6)

Products: Cisco: Prime Collaboration Assurance

Cisco

1 product

Prime Collaboration Assurance

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Cisco Prime Collaboration Assurance	Version 10.0.0
Cisco Prime Collaboration Assurance	Version 10.5.0
Cisco Prime Collaboration Assurance	Version 10.5.1
Cisco Prime Collaboration Assurance	Version 10.6.0
Cisco Prime Collaboration Assurance	Version 9.0.0
Cisco Prime Collaboration Assurance	Version 9.5.0

Related CWEs

CWE-264

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1033581

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1033581

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.