Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

2015-09-16T16:00:00
ID CISCO-SA-20150916-PCP
Type cisco
Reporter Cisco
Modified 2015-09-16T15:13:20

Description

A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions.

An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative privileges. This includes creating an administrative user.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp

The vulnerability is due to improper implementation of authorization and access controls. An attacker could exploit this vulnerability by sending a crafted URL to the system. The attacker would need to be logged in to the system to exploit this vulnerability.

An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative privileges. Because of this vulnerability, an attacker may be able to create an additional administrative user and access or manipulate data.
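
One way to review web access logs for the condition described above, a logged-in non-administrative user whose request to an administrative function succeeded. This is an added example, not Cisco code; the log format, the `/admin/` prefix, the user names and the role map are constructed assumptions and are not the product's real paths or accounts.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumptions (constructed, not the product's real paths or accounts):
ADMIN_PREFIXES = ("/admin/",)               # URL space reserved for administrators
ROLES = {"alice": "admin", "bob": "user"}   # authoritative role of each account

# Constructed sample lines: ip - user [time] "METHOD url PROTO" status size
SAMPLE_LOG = """\
10.0.0.5 - alice [16/Sep/2015:10:01:02 +0000] "POST /admin/users/create HTTP/1.1" 200 512
10.0.0.9 - bob [16/Sep/2015:10:03:44 +0000] "GET /orders/list HTTP/1.1" 200 2048
10.0.0.9 - bob [16/Sep/2015:10:04:10 +0000] "GET /admin/users/list HTTP/1.1" 403 128
10.0.0.9 - bob [16/Sep/2015:10:04:31 +0000] "POST /admin/users/create HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def canonical_path(url):
    """Decode and normalise the path so the prefix check sees the routed path."""
    return posixpath.normpath(unquote(urlsplit(url).path))


def find_violations(log_text, roles=ROLES, prefixes=ADMIN_PREFIXES):
    """Return (user, method, path, status) for each admin-only request that
    succeeded (status below 400) for an account whose role is not 'admin'."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ip, user, _ts, method, url, status = m.groups()
        path = canonical_path(url)
        admin_only = any((path + "/").startswith(p) for p in prefixes)
        if admin_only and int(status) < 400 and roles.get(user) != "admin":
            hits.append((user, method, path, int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_violations(SAMPLE_LOG):
        print("non-admin reached admin function:", hit)
```

A denied request (the 403 line) is not reported; only requests the server actually served count as evidence that the access control failed.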