A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote malicious user to retrieve arbitrary files from the underlying file system. The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit this vulnerability by submitting a crafted URL to the system. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco prime collaboration assurance 10.5.1 |