Vulnerability in Cisco Prime_collaboration_provisioning

CVE-2015-4307

The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.

EPSS: 0.026 (83.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Prime_collaboration_provisioning — versions 9.0.0, 9.5.0, 10.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

1033579 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150916 Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)