Back to CVE Browser

CVE-2018-0319

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0280%

EPSS Percentile13.01th

PublishedJun 7, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253.

Affected Platforms (CPE)

📦

Cisco

Prime Collaboration

<= 12.1

📦

Cisco

Prime Collaboration Provisioning

<= 11.6

References & Advisories

🔗 http://www.securityfocus.com/bid/104431

🔗 http://www.securitytracker.com/id/1041079

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery

🔗 http://www.securityfocus.com/bid/104431

🔗 http://www.securitytracker.com/id/1041079

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery

Related Vulnerabilities

CVE-2018-03209.8

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote a...

CVE-2017-123379.8

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platfo...

CVE-2018-03189.8

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, rem...

CVE-2018-03219.8

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java...