Cisco Prime Collaboration Assurance Directory Listing Unauthorized Access Vulnerability

2017-02-1516:00:00

tools.cisco.com

EPSS

0.001

Percentile

41.7%

JSON

A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files.

The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to view and download system files that should be restricted.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp2[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp2”]

Affected configurations

Vulners

Node

ciscoprime_collaboration_assuranceMatchany

VendorProductVersionCPE
ciscoprime_collaboration_assuranceanycpe:2.3:a:cisco:prime_collaboration_assurance:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration_assurance	any	cpe:2.3:a:cisco:prime_collaboration_assurance:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp2

EPSS

0.001

Percentile

41.7%

JSON

Related for CISCO-SA-20170215-PCP2