Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.2432
Cisco Prime Collaboration Provisioning Web Framework Access
Controls Bypass Vulnerability
17 September 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Prime Collaboration Provisioning Web Framework
Publisher: Cisco Systems
Operating System: VMware ESX Server
Cisco
Impact/Access: Administrator Compromise -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-4307
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
Advisory ID: cisco-sa-20150916-pcp
Revision 1.0
For Public Release 2015 September 16 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions.
An exploit could allow the attacker to access functions some of which should be accessible only to users who have administrative privileges. This includes creating an administrative user.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJV+ZYgAAoJEIpI1I6i1Mx3icAQAJLrLhHzt9nr7hZFbRV8Rp2L
1kYZw3q2K8aJG854DzyU0WcQV7xeMwCC+YAs1Z0R73a/CTFYqmfv7MLNOjJZauob
WDBLkhen5mqr38uyxN5RrvYB8ZNhEzyd2wRSSxUKTG3Peq1TpU3rXCdhJXIuElPQ
G4MHFyGrEqKd501knQBLmIPnJ75LGLWrHuT6BkTNKaL7b/3xg4P+nkcPSR/aGnuO
IDjoaiTD2K7ggByGtb66mAtgQWJ86UVPEE4r3wMTDLXjnjXj8EvSQ1wRERcpu5dH
tJyKvlhE+sR3HPvOMN/NYRlM2Q3+kdaxAbfek/39bwALKyz2GShNUxN0WTajsDTw
LCYhoX1Ul6PPW5bBYE9RwqRvSZrJ+hVgG0CUJwsmtTs7sgg9dOLofTk9RNP/mTmA
4lXcFs6PK4t/ZscDX+SG0NfbC8yc1PK92FEnugGm6FmcDw/0pyGjeRSmHZdUp5F6
b6DDfchaf19AiCnSEOcpU71fAu2NScydo/ebigcgKyo5aNZ4QWLN1eO63pg4AqOQ
z7X3je767Ro0xIwIAM+eeBbvm3TzZ594AqnT1gNr+8i+xqGE0qQwgpIQAYHwDmy2
1ayyHF4uCiPtvNLZaQNxxax+WRmClDJzXK83J9AEYIPlccdthb1umCVX723qffgj
ekdqIhCjP0RayzEFyupE
=9zj1
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVfoaUn6ZAP0PgtI9AQI4hA//ZygGQcS5Krbe5E5XQ5iJmzIurrD8cJLl
cwUDHJ0jJnpsQEDsHsAFT610oxZ5sLss9ftKslDlItt8lcMGIBUId+8lVuhGnUhw
I4mGsoGQyMnhJiLGDdrN2Ce8VbGzil7atJbEpgnShCsGspNg6n9+np0f7yypmvFo
sgyouY1EaMc8VnIiV0iwgm7pIa0xNTVpgZA/6izpDHOVCkctr7qUyqOrMuJdPbXY
/mlYvQLphpRwme9duQ3C1kfztvVhgykHAaic6Bem4R+CWwga2e2Q2oGlq/9P66xc
sT10NNlMZ1LGQHNmCf72y+BiJWj2g7ykIkXeo8UDOs8M2YCKkIxeA02xy6XibsKc
zsjfCI0JDLLBmqsCtV3OeqTCRCxIFqiHiCJzl5Ck4yX0kRMDJQSTGxz/qs8v14tg
b4klE+H02Uz4feobT+uJdE98UmQjynHuW+36fgdmB51uL9HfKBBdx49NDg6M+Oqh
ueSxSGgaFYR9uelTD/Ody2godMdxxHSqYd0GfQSk0E2Mv0r4X8Q8zM96rJPN7LgA
EjUBSvB5BcX8yd9Rdl6ctYg0ETCwFU7S4MqKLCWOlSVtRZVn2g9tfS8KQw6k/QGZ
unPPLOOoXP4k7ia9TcMnLEOPh9zYLubdnRCCQLjavrrTgs62eQsewaIX+BvgMe5a
WBSNlaVOsJs=
=1ieK
-----END PGP SIGNATURE-----