Lucene search

CiscoCISCO-SA-20151008-PCA

HistoryOct 08, 2015 - 8:10 p.m.

Cisco Prime Collaboration Assurance Arbitrary File Retrieval Vulnerability

2015-10-0820:10:00

tools.cisco.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

EPSS

0.001

Percentile

38.8%

JSON

A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system.

The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit this vulnerability by submitting a crafted URL to the system.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca”]

Affected configurations

Vulners

Node

ciscoprime_collaboration_assuranceMatchany

VendorProductVersionCPE
ciscoprime_collaboration_assuranceanycpe:2.3:a:cisco:prime_collaboration_assurance:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration_assurance	any	cpe:2.3:a:cisco:prime_collaboration_assurance:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

EPSS

0.001

Percentile

38.8%

JSON

Related for CISCO-SA-20151008-PCA