Cisco Security Advisory
Click Icon to Copy Verbose Score
AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
-
Cisco Prime Collaboration Assurance Software contains the following vulnerabilities:
- Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability
- Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
- Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability
Successful exploitation of the Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability and Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability could allow an authenticated attacker to perform tasks with the privileges of an administrator for any domain or customer managed by the affected system.
Successful exploitation of the Cisco Prime Collaboration Assurance Information Disclosure Vulnerability could allow an authenticated attacker to access sensitive information, such as Simple Network Management Protocol (SNMP) community strings and administrative credentials, of any devices imported in the system database.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca
-
Vulnerable Products
Any product running a vulnerable version of Cisco Prime Collaboration Assurance Software is affected by these vulnerabilities.
Products Confirmed Not Vulnerable
Cisco Prime Collaboration Provisioning is not affected by the vulnerabilities included in this security advisory; however, a different access controls bypass vulnerability has been found in Cisco Prime Collaboration Provisioning, which is disclosed in the Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability security advisory at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp
No other Cisco products are currently known to be affected by these vulnerabilities.
-
Cisco Prime Collaboration helps enable rapid installation and maintenance of Cisco Unified Communications and Cisco TelePresence components as well as the provisioning of users and services.
Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to access higher-privileged functions.
The vulnerability is due to improper implementation of authorization and access controls. An attacker could exploit this vulnerability by sending a crafted URL to the system. The attacker would need to be logged in to the system to exploit this vulnerability.
An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative privileges. Because of this vulnerability, an attacker could create an additional administrative user or access information from another domain if the system is used in multiple tenants environment.
This vulnerability is documented in Cisco bug IDs CSCus62671 (registered customers only) and CSCus62652 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2015-4304
Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to access information about any device imported into the system database.
The vulnerability is due to improper implementation of authorization and access controls. An attacker could exploit this vulnerability by sending crafted URLs to the system. The attacker would need to be logged in to the system to exploit this vulnerability.
An exploit could allow the attacker to access information about devices imported into the system database, including devices for other customers or domains. The information that an attacker could retrieve includes SNMP community strings and devices' administrative credentials. This would allow the attacker to gain administrative access to these devices.
This vulnerability is documented in Cisco bug ID CSCus62656 (registered customers only) and CVE ID CVE-2015-4305.
Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to access information about users who are logged in to the system, including users' session identifiers.
The vulnerability is due to improper implementation of authorization and access controls. An attacker could exploit this vulnerability by sending crafted URLs to the system. The attacker would need to be logged in to the system to exploit this vulnerability.
An exploit could allow the attacker to access information about users who are logged in to the system, including users' session identifiers. Using this identifier, an attacker could impersonate any user, including administrative users, for any domain or customer if the system is configured for multiple tenants. Using this information, an attacker could perform any privileged functions during the time the session ID is valid.
This vulnerability is documented in Cisco bug IDs CSCus88343 (registered customers only) and CSCus88334 (registered customers only) and CVE ID CVE-2015-4306.
-
There are no workarounds that mitigate these vulnerabilities.
-
When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Alerts archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
The Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability, Cisco Prime Collaboration Assurance Information Disclosure Vulnerability, and Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability have been fixed in Cisco Prime Collaboration Assurance Software Release 10.5.1 MSP patch cpc-assurance-patchbundle-10.5.1.53684-1.x86_64.tar.gz and Release 11.0 and later. There is currently no fixed release for Cisco Prime Collaboration Assurance Software Release 10.6 or Release 10.5 ENT.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
These vulnerabilities were reported to Cisco during the resolution of support cases.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Show LessRevision 1.0 2015-September-16 Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.