Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1662

A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2.

Published

2019-02-21T17:29:00.773

Last Modified

2024-11-21T04:37:02.537

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	prime_collaboration_assurance	< 12.1	Yes
Application	cisco	prime_collaboration_assurance	12.1	Yes
Application	cisco	prime_collaboration_assurance	12.1	Yes

References

http://www.securityfocus.com/bid/107096 Third Party Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/107096 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)