First published: Thu Feb 21 2019(Updated: )
A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Prime Collaboration Assurance | <12.1 | |
Cisco Prime Collaboration Assurance | =12.1 | |
Cisco Prime Collaboration Assurance | =12.1-sp1 | |
<12.1 | ||
=12.1 | ||
=12.1-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco Prime Collaboration Assurance vulnerability is CVE-2019-1662.
CVE-2019-1662 has a severity rating of 9.1 (critical).
An attacker can exploit CVE-2019-1662 by accessing the system as a valid user, due to insufficient authentication controls.
Cisco Prime Collaboration Assurance (PCA) Software versions up to 12.1, including 12.1 and 12.1-sp1, are affected by CVE-2019-1662.
Yes, you can find references for CVE-2019-1662 at the following links: [http://www.securityfocus.com/bid/107096](http://www.securityfocus.com/bid/107096), [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access).