Operating System:

[Cisco][Virtual]

Published:

17 September 2015

Protect yourself against future threats.

//Service

Security Bulletins

Receive up to date and consistent security bulletins across a wide range of vendors, streamlining security patching.

Read more
Resources > Security Bulletins > ESB-2015.2430 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2430
      Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
                             17 September 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Prime Collaboration Assurance
Publisher:         Cisco Systems
Operating System:  VMware ESX Server
                   Cisco
Impact/Access:     Access Privileged Data -- Existing Account
                   Increased Privileges   -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-4304 CVE-2015-4305 CVE-2015-4306

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance


Advisory ID: cisco-sa-20150916-pca

Revision 1.0

For Public Release 2015 September 16 16:00  UTC (GMT) 


+---------------------------------------------------------------------
Summary
=======
Cisco Prime Collaboration Assurance Software contains the following vulnerabilities:

  * Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability
  * Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
  * Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability


Successful exploitation of the Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability and Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability could allow an authenticated attacker to perform tasks with the privileges of an administrator for any domain or customer managed by the affected system.

Successful exploitation of the Cisco Prime Collaboration Assurance Information Disclosure Vulnerability could allow an authenticated attacker to access sensitive information, such as SNMP community strings and administrative credentials, of any devices imported in the system database.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJV+ZYNAAoJEIpI1I6i1Mx3IYEP/0h0hDtNwLTTMtLf800IV6zs
T6QtgHMCpBLvV1AOurzE1x5dnCIm5KJEDDDadDDxSoOl6EU78+0nDOhNSiAcfoYb
aH3+Q0M/JW7nF02CGEYkDqZ7j6WwFoFzpuegjaJkWBG+va3AnP5mUSgIpqxgEL0z
C+r28HAohgQCYGe13ozj05J23iyf6rDi/G/yWtkb7BqjMcGz+bzpjcHHQdRRfU6E
4yHBPQFGhcOi8qARMUbOK1OkCif8Z64/oqWy1WP1fvZMrIZkKHBe8p/0KpoomJFV
CENiWcHvf8d2SzKYdRxCZvOLutoZT9Ec4MgzAeQ1ENW2XsoKP2KpA2HSYRt64kau
DOzpIeoGbwqe0UBbcdn8BxOvCk63DFOw8RblPD6O1pTmhchdZGesCr0RBZUgcv3J
/TcQiyvutGDAGaxlGW5MzKUwK986lEE1xjq+bdLc37XyCs4OWIA9exN4yk/v7pH8
emfronbPniGzFylUNjVFhN0hSgNEkd89BZO4S24UqZVyAr0hKTgjha9O+CepUyMC
ui5W2/CpE05fR8o7nTuTG24r3aJE19+BesOsAVkMW+sbUOT6HjZdL/G0VsvCXb5m
s6GdlHvtUSIVSr8PTCT6VlYMiKUWNjq+rKldxXZhm2rAKtXwqPFjIL+UB4yykWha
LvVVZW9DjDafYeIahD/J
=oLvr
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVfoZWX6ZAP0PgtI9AQLkExAAtRWJvYtI4xqlZNYLXXBz7paiHFewcFio
4MfZuEBQ5Sl34bTU/VIm776edu4QgNLlLiDcb01Ax35zu/V/2O0Km4tqfORM7YRo
aOfdDzIrqysCqM5MOCXgvOMRJ+gR9ajGI8wRhmSflEM0Vd6PQst5JWHe9Es8t05p
AcDem93LtRiTUbkhf33/XqRAqRQ/vhBxnjAgZq/kp3M1kQ4veEhpd14Nx4GlDKbA
NpANKDuoL9IktPaVbpoUszWSUIK+ujyyQ6cIQP8uejyBIqVaALJBpEmXPEP6VuMo
b4uT/x8oKnjOur86RPAy7+bU1GyTKUO74QMbLBJSsaSTsQnDA2KBabViB5MvkkOe
SeOEauSQ6RPRrNhF4YwhhHmEgE6eemPf7c4Xe9bs/QRYSpF3B3H6veBdZEwSJKoW
6EDNTsBPDGrO+0Vc6BcjUXF0tmyyQyppFTLhIe47xbQ1xQuyB5ZubzcQVxuSZaJY
UQAudEMMdZzRO/r8MB8NumYkCsEOT6dKMPfH1F1AE3Jdd213V//Ws90mM2MmzW3M
6DN0t6YmKvuhfxomhEkQ66z6Zm4X7AjV2en2lETYY1DLKtLTF6xCwrqSNfUrfnEy
T3W47qdPYjDF9MFevSabWNWETNOlYJCz67Iw8FCnbP3FkjTQA/gFixGXu1lWXc+F
41Ef9Eb9TT4=
=V9Bn
-----END PGP SIGNATURE-----