CVE-2015-4306

high Cisco
CVSS v3 Base Score
8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS Score
0.4%
Exploitation probability in 30 days
Top 41% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: September 20, 2015 (3889 days ago)
Last Modified: May 6, 2026
Vendor: Cisco
Source: NVD

Description

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.

CWE

CWE-264

Affected Products

cisco prime collaboration assurance

References

🔗 tools.cisco.com 🔗 www.securitytracker.com 🔗 tools.cisco.com 🔗 www.securitytracker.com