Detections
Analytics

Cisco Prime Collaboration Assurance 10.5.1.x < 10.5.1.58480 Multiple Vulnerabilities

medium Nessus Plugin ID 91342

Language:

Synopsis

The remote network management device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the remote Cisco Prime Collaboration Assurance device is 10.5.1.x prior to 10.5.1.58480. It is, therefore, affected by the following vulnerabilities :

 - An information disclosure vulnerability exists in the web framework of Cisco Prime Collaboration Assurance (PCA) due to incorrect implementation of the access control code. An authenticated, remote attacker can exploit this, via a specially crafted URL, to retrieve arbitrary files from the file system. (CVE-2015-6328)

 - A SQL injection vulnerability exists in the web framework of Cisco Prime Collaboration Assurance (PCA) due to improper sanitization of user-supplied input before using it in SQL queries. An authenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
 (CVE-2015-6331)

Solution

Upgrade to Cisco Prime Collaboration Assurance version 10.5.1.58480 or later.

See Also

http://www.nessus.org/u?1caf7cce

http://www.nessus.org/u?d34ea30b

Plugin Details

Severity: Medium

ID: 91342

File Name: cisco_prime_ca_sa-20151008-pca.nasl

Version: 1.3

Type: combined

Family: CISCO

Published: 5/9/2016

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/a:cisco:prime_collaboration_assurance

Required KB Items: Host/Cisco/PrimeCollaborationAssurance/version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/8/2015

Vulnerability Publication Date: 10/8/2015

Reference Information

CVE: CVE-2015-6328, CVE-2015-6331

BID: 77051, 77052