Main Vulnerability Database Vulnerabilities #VU82

Directory access protocol authentication bypass vulnerability in Cisco Prime Collaboration Provisioning - CVE-2016-1416

Published: July 4, 2016 / Updated: July 5, 2016

Vulnerability identifier: #VU82

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-1416

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Prime Collaboration Provisioning

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists in the LDAP authentication component. A remote unauthenticated attacker can bypass authentication checks and gain administrative access on the target system.

The vendor has assigned bug ID CSCuv37513 to this vulnerability.

Successful exploitation of this vulnerability may grant the attacker full administrator privileges.

How to mitigate CVE-2016-1416

Update your version through software updates that address the vulnerability described in the advisory at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypas...

Sources

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass

Directory access protocol authentication bypass vulnerability in Cisco Prime Collaboration Provisioning - CVE-2016-1416

Detailed vulnerability description

How to mitigate CVE-2016-1416

Sources

Please verify you're human