Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.2430 Multiple Vulnerabilities in Cisco Prime Collaboration Assurance 17 September 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco Prime Collaboration Assurance Publisher: Cisco Systems Operating System: VMware ESX Server Cisco Impact/Access: Access Privileged Data -- Existing Account Increased Privileges -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-4304 CVE-2015-4305 CVE-2015-4306 Original Bulletin: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance Advisory ID: cisco-sa-20150916-pca Revision 1.0 For Public Release 2015 September 16 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco Prime Collaboration Assurance Software contains the following vulnerabilities: * Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability * Cisco Prime Collaboration Assurance Information Disclosure Vulnerability * Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability Successful exploitation of the Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability and Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability could allow an authenticated attacker to perform tasks with the privileges of an administrator for any domain or customer managed by the affected system. Successful exploitation of the Cisco Prime Collaboration Assurance Information Disclosure Vulnerability could allow an authenticated attacker to access sensitive information, such as SNMP community strings and administrative credentials, of any devices imported in the system database. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca - -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJV+ZYNAAoJEIpI1I6i1Mx3IYEP/0h0hDtNwLTTMtLf800IV6zs T6QtgHMCpBLvV1AOurzE1x5dnCIm5KJEDDDadDDxSoOl6EU78+0nDOhNSiAcfoYb aH3+Q0M/JW7nF02CGEYkDqZ7j6WwFoFzpuegjaJkWBG+va3AnP5mUSgIpqxgEL0z C+r28HAohgQCYGe13ozj05J23iyf6rDi/G/yWtkb7BqjMcGz+bzpjcHHQdRRfU6E 4yHBPQFGhcOi8qARMUbOK1OkCif8Z64/oqWy1WP1fvZMrIZkKHBe8p/0KpoomJFV CENiWcHvf8d2SzKYdRxCZvOLutoZT9Ec4MgzAeQ1ENW2XsoKP2KpA2HSYRt64kau DOzpIeoGbwqe0UBbcdn8BxOvCk63DFOw8RblPD6O1pTmhchdZGesCr0RBZUgcv3J /TcQiyvutGDAGaxlGW5MzKUwK986lEE1xjq+bdLc37XyCs4OWIA9exN4yk/v7pH8 emfronbPniGzFylUNjVFhN0hSgNEkd89BZO4S24UqZVyAr0hKTgjha9O+CepUyMC ui5W2/CpE05fR8o7nTuTG24r3aJE19+BesOsAVkMW+sbUOT6HjZdL/G0VsvCXb5m s6GdlHvtUSIVSr8PTCT6VlYMiKUWNjq+rKldxXZhm2rAKtXwqPFjIL+UB4yykWha LvVVZW9DjDafYeIahD/J =oLvr - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVfoZWX6ZAP0PgtI9AQLkExAAtRWJvYtI4xqlZNYLXXBz7paiHFewcFio 4MfZuEBQ5Sl34bTU/VIm776edu4QgNLlLiDcb01Ax35zu/V/2O0Km4tqfORM7YRo aOfdDzIrqysCqM5MOCXgvOMRJ+gR9ajGI8wRhmSflEM0Vd6PQst5JWHe9Es8t05p AcDem93LtRiTUbkhf33/XqRAqRQ/vhBxnjAgZq/kp3M1kQ4veEhpd14Nx4GlDKbA NpANKDuoL9IktPaVbpoUszWSUIK+ujyyQ6cIQP8uejyBIqVaALJBpEmXPEP6VuMo b4uT/x8oKnjOur86RPAy7+bU1GyTKUO74QMbLBJSsaSTsQnDA2KBabViB5MvkkOe SeOEauSQ6RPRrNhF4YwhhHmEgE6eemPf7c4Xe9bs/QRYSpF3B3H6veBdZEwSJKoW 6EDNTsBPDGrO+0Vc6BcjUXF0tmyyQyppFTLhIe47xbQ1xQuyB5ZubzcQVxuSZaJY UQAudEMMdZzRO/r8MB8NumYkCsEOT6dKMPfH1F1AE3Jdd213V//Ws90mM2MmzW3M 6DN0t6YmKvuhfxomhEkQ66z6Zm4X7AjV2en2lETYY1DLKtLTF6xCwrqSNfUrfnEy T3W47qdPYjDF9MFevSabWNWETNOlYJCz67Iw8FCnbP3FkjTQA/gFixGXu1lWXc+F 41Ef9Eb9TT4= =V9Bn -----END PGP SIGNATURE-----