The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Prime_collaboration_assurance | Cisco | 10.5.1 | 10.5.1 |
Prime_collaboration_assurance | Cisco | 10.0.0 | 10.0.0 |
Prime_collaboration_assurance | Cisco | 9.0.0 | 9.0.0 |
Prime_collaboration_assurance | Cisco | 10.6.0 | 10.6.0 |
Prime_collaboration_assurance | Cisco | 9.5.0 | 9.5.0 |
Prime_collaboration_assurance | Cisco | 10.5.0 | 10.5.0 |