A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files.
The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to view and download system files that should be restricted.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | prime_collaboration_assurance | any | cpe:2.3:a:cisco:prime_collaboration_assurance:any:*:*:*:*:*:*:* |