—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20160629-cpcpauthbypass
Revision 1.0
For Public Release 2016 June 29 16:00 UTC (GMT)
+———————————————————————
Summary
=======
A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.
The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full administrator privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBV2qr3q89gD3EAJB5AQLLnw//ZD85xqIpSmQranwPfYQDeoM2uD6+TNby
Vl+47uZOC+csQ0PB9d/z6zylu/426OyJSSUje2c44lSXDJ8iHy9dBNY0ozyk4Uzj
oTOlr1h8YEDkjxZZ66yqm0GoTVo341tbAaDJb8xWHYjb6STnAP3r8hHu0jleH26j
vn/NQ3xPTQ7FPaB6gDoKn6Kb2Y8rDjUs+Hps7S9REtplxLR9zkERS0lWQHoz0bSd
eBTmNg5OAQxVwH6jFc4wnUnHHaPk7iALBXVo8mrkU3+6CAfejUbhJpSVxYceZQZx
hl7NFgr9NSj4aT1nnnNGjGPHY4pPvrvyc55hQIrIPtk+teEzWL0br5VxPB3LVmKS
framl2fXHOd7uV1rHcgfWlI0LYBldC1C5JhSlE9hxh3BfpejMauev2rGiWVDCTyr
RIC7zJDqBAc3F7XjbjVebrKjdb761SPmYbdCDHyVBuR8mePyzbEvHkfkvSGi0XbD
egVto6K1njcXU1uXLyKxGnPDH2pUZCTT+Hg7wF3U3zf0gvpO9Ifk+uhELoz6FAFJ
SXGVS245KjwhJmBwh02gsjbX/Fy+DLUnmVAsdL5hCMBZmzv5Cs0fGqefBTgHahft
5ZVRP3cfwSKSFfLTRTO6GF2ZlUk4kwFwqP1HpVjB2Y4N/63OllST/lIlJPhsZHH0
BNnEWyb0RME=
=hP8c
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com