Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Prime multiple security vulnerabilities
Published:12.10.2015
Source:
SecurityVulns ID:14724
Type:remote
Threat Level:
6/10
Description:Restrictions bypass, privilege escalation, information disclosure.
Affected:CISCO : Cisco Prime Collaboration Assurance 10.5
CVE:CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.)
 CVE-2015-4307 (The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.)
 CVE-2015-4306 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.)
 CVE-2015-4305 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656.)
 CVE-2015-4304 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.)
Files:Cisco Security Advisory Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
 Cisco Security Advisory Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
 Cisco Security Advisory Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod