9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
52.4%
Cisco Prime Collaboration Assurance Software contains the following vulnerabilities:
Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability
Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability
Successful exploitation of the Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability and Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability could allow an authenticated attacker to perform tasks with the privileges of an administrator for any domain or customer managed by the affected system.
Successful exploitation of the Cisco Prime Collaboration Assurance Information Disclosure Vulnerability could allow an authenticated attacker to access sensitive information, such as Simple Network Management Protocol (SNMP) community strings and administrative credentials, of any devices imported in the system database.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:
CPE | Name | Operator | Version |
---|---|---|---|
cisco prime collaboration assurance | eq | any | |
cisco prime collaboration assurance | eq | any |