Main Vulnerability Database SB2016070402

SB2016070402 - Authentication bypass in Cisco Prime Collaboration Provisioning

Published: July 5, 2016

Security Bulletin ID SB2016070402

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Directory access protocol authentication bypass vulnerability (CVE-ID: CVE-2016-1416)

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists in the LDAP authentication component. A remote unauthenticated attacker can bypass authentication checks and gain administrative access on the target system.

The vendor has assigned bug ID CSCuv37513 to this vulnerability.

Successful exploitation of this vulnerability may grant the attacker full administrator privileges.

Remediation

Install update from vendor's website.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass