Lucene search

[email protected]CVE-2018-0318

HistoryJun 07, 2018 - 12:29 p.m.

CVE-2018-0318

2018-06-0712:29:00

CWE-255

CWE-287

[email protected]

web.nvd.nist.gov

cve-2018-0318

vulnerability

password reset

cisco prime collaboration provisioning

pcp

unauthorized access

administrative-level privileges

nvd

cscvd07245

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245.

Affected configurations

NVD

Node

ciscoprime_collaborationRange≤12.1

ciscoprime_collaboration_provisioningRange≤11.6

CPENameOperatorVersion
cisco:prime_collaborationcisco prime collaborationle12.1
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningle11.6

CPE	Name	Operator	Version
cisco:prime_collaboration	cisco prime collaboration	le	12.1
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	le	11.6

CNA Affected

[
  {
    "product": "Cisco Prime Collaboration Provisioning unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime Collaboration Provisioning unknown"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104434

www.securitytracker.com/id/1041082

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2018-0318

cisco1 prion1 nvd1 cvelist1