Lucene search
HistorySep 20, 2015 - 1:59 a.m.
CVE-2015-4305
cisco
prime collaboration assurance
web framework
system-database
read restrictions
cve-2015-4305
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.5%
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656.
Affected configurations
Node
ciscoprime_collaboration_assuranceMatch9.0.0
ORciscoprime_collaboration_assuranceMatch9.5.0
ORciscoprime_collaboration_assuranceMatch10.0.0
ORciscoprime_collaboration_assuranceMatch10.5.0
ORciscoprime_collaboration_assuranceMatch10.5.1
ORciscoprime_collaboration_assuranceMatch10.6.0
Related
cisco
cisco
Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
2015-09-16 16:17:06
Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
2015-09-16 16:00:00
prion
prion
Design/Logic Flaw
2015-09-20 01:59:00
cvelist
cvelist
CVE-2015-4305
2015-09-20 01:00:00
nvd
nvd
CVE-2015-4305
2015-09-20 01:59:01
nessus
nessus
securityvulns
securityvulns
Cisco Prime multiple security vulnerabilities
2015-10-12 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.5%
Related for CVE-2015-4305