Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability

2018-10-0316:00:00

tools.cisco.com

0.004 Low

EPSS

Percentile

72.0%

JSON

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install.

The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password”]

Affected configurations

Vulners

Node

ciscoprime_collaboration_provisioningMatchany

CPENameOperatorVersion
cisco prime collaboration provisioningeqany
cisco prime collaboration provisioningeqany

CPE	Name	Operator	Version
	cisco prime collaboration provisioning	eq	any
	cisco prime collaboration provisioning	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for CISCO-SA-20181003-CPCP-PASSWORD