CVE-2015-4306

Published Sep 20, 2015

Last updated 8 years ago

Overview

Description: The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 10
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:9.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6E4A29B-3F16-43D9-AEF7-E0133B07A8A6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:9.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "868011B4-2359-4867-8DE2-CE8BC2D5451A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7297A13E-7D34-495C-AD8C-D5DD498E951F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24D5EE73-6543-4011-85C3-CDBB079043C2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7BC51A3-C6B9-43F3-B742-4925A9DFEDDC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF979F82-4761-45D7-A1A1-44F0B3C8CFD1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References