==========================
==========================
==================

                                        CERT-Renater

                            Note d'Information No. 2015/VULN194
_____________________________________________________________________

DATE                : 17/09/2015

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Prime Collaboration
                                     Assurance.

==========================
==========================
====================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisc=
o-sa-20150916-pca
_____________________________________________________________________

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime 
Collaboration Assurance


Advisory ID: cisco-sa-20150916-pca

Revision 1.0

For Public Release 2015 September 16 16:00  UTC (GMT)


+---------------------------------------------------------------------
Summary
=======
Cisco Prime Collaboration Assurance Software contains the following
vulnerabilities:

   * Cisco Prime Collaboration Assurance Web Framework Access Controls
Bypass Vulnerability
   * Cisco Prime Collaboration Assurance Information Disclosure
Vulnerability
   * Cisco Prime Collaboration Assurance Session ID Privilege Escalation
Vulnerability


Successful exploitation of the Cisco Prime Collaboration Assurance Web
Framework Access Controls Bypass Vulnerability and Cisco Prime
Collaboration Assurance Session ID Privilege Escalation Vulnerability
could allow an authenticated attacker to perform tasks with the
privileges of an administrator for any domain or customer managed by
the affected system.

Successful exploitation of the Cisco Prime Collaboration Assurance
Information Disclosure Vulnerability could allow an authenticated
attacker to access sensitive information, such as SNMP community
strings and administrative credentials, of any devices imported in the
system database.

Cisco has released software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities are not available. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisc=
o-sa-20150916-pca

==========================
==========================
=======
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================
==========================
========
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================
==========================
========