Cisco Prime Central for Hosted Collaboration Solution Directory Traversal Vulnerability

A vulnerability in Cisco Prime Central for Hosted Collaboration Solution could allow an unauthenticated, remote attacker to view system files.

The vulnerability is due to insufficient path traversal prevention. An attacker could exploit this vulnerability by submitting a crafted URL. An exploit could allow the attacker to view system files.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions in an attempt to persuade a user to follow the malicious link.

Customers are advised to review the bug report in the Vendor Announcements section for a current list of affected versions.