Prime Collaboration Provisioning
CVE-2015-4307
CRITICAL
Severity by source
AV:N/AC:L/Au:S/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.
AnalysisAI
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. Affected products include: Cisco Prime Collaboration Provisioning. Version information: before 11.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote a
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote a
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to acces
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated
A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthe
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenti
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authentic
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remot
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local atta
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote at
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning a
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today