Design/Logic Flaw

2018-06-0712:29:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%

JSON

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvc90286.

CPENameOperatorVersion
prime_collaborationle12.1
prime_collaboration_provisioningle12.2

CPE	Name	Operator	Version
	prime_collaboration	le	12.1
	prime_collaboration_provisioning	le	12.2

References

www.securityfocus.com/bid/104432

www.securitytracker.com/id/1041080

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass