Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Cisco Prime
Опубликовано:12 октября 2015 г.
Источник:
SecurityVulns ID:14724
Тип:удаленная
Уровень опасности:
6/10
Описание:Обход ограничений, повышение привилегий, раскрытие информации.
Затронутые продукты:CISCO : Cisco Prime Collaboration Assurance 10.5
CVE:CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.)
 CVE-2015-4307 (The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.)
 CVE-2015-4306 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.)
 CVE-2015-4305 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656.)
 CVE-2015-4304 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.)
Файлы:Cisco Security Advisory Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
 Cisco Security Advisory Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
 Cisco Security Advisory Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород