Bypassing Access Restrictions and Arbitrary Account Creation in Cisco Prime Collaboration Assurance

Bypassing Access Restrictions and Arbitrary Account Creation in Cisco Prime Collaboration Assurance

CVE-2015-4304 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.

Learn more about our Cis Benchmark Audit For Cisco.