==========================
==========================
==================

                                         CERT-Renater

                             Note d'Information No. 2015/VULN195
_____________________________________________________________________

DATE                : 17/09/2015

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Prime Collaboration
                                     Provisioning.

==========================
==========================
====================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisc=
o-sa-20150916-pcp
_____________________________________________________________________

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web 
Framework Access Controls Bypass Vulnerability


Advisory ID: cisco-sa-20150916-pcp

Revision 1.0

For Public Release 2015 September 16 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the web framework of Cisco Prime Collaboration
Provisioning could allow an authenticated, remote attacker to access
higher-privileged functions.

An exploit could allow the attacker to access functions some of which
should be accessible only to users who have administrative privileges.
This includes creating an administrative user.

Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisc=
o-sa-20150916-pcp

==========================
==========================
=======
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================
==========================
========
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================
==========================
========