Boletines de Vulnerabilidades

Cisco Prime Collaboration Assurance Arbitrary File Retrieval Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system.The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit this vulnerability by submitting a crafted URL to the system.Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.This

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Collaboration%20Assurance%20Arbitrary%20File%20Retrieval%20Vul

Identificadores estándar
Propiedad Valor
CVE CVE-2015-6328.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-10-09

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT