The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Cisco Prime Collaboration Provisioning: privilege escalation

Synthesis of the vulnerability

An attacker can use Cisco Prime Collaboration Provisioning, in order to escalate his privileges.
Severity of this bulletin: 2/4.
Creation date: 17/09/2015.
Références of this threat: CERTFR-2015-AVI-396, cisco-sa-20150916-pcp, CSCut64111, CVE-2015-4307, VIGILANCE-VUL-17907.

Description of the vulnerability

The Cisco Prime Collaboration Provisioning product offers a web service.

However, using a malicious url, an authenticated attacker can create an administrative account.

An attacker can therefore use Cisco Prime Collaboration Provisioning, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

This security vulnerability impacts software or systems such as Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure.

Our Vigil@nce team determined that the severity of this computer weakness bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of user account.

An attacker with a expert ability can exploit this security note.

Solutions for this threat

Cisco Prime Collaboration Provisioning: version 11.
The version 11 is fixed:
  http://www.cisco.com/cisco/software/navigator.html
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides an application vulnerability alert. The Vigil@nce vulnerability database contains several thousand vulnerabilities.